@mozilla
Please, stop killing yourself by trying to stop custom ROMs, you realize your target audience, right? It's not too late to turn around this decision.

#mozilla #firefox #rom #android #sideloading #stopkillingandroid

@murena Will App Lounge be replaced by F-Droid in September?
#sideloading #google #KeepAndroidOpen
Android verification is coming: Google confirms timeline and supported app stores

A new system service will roll out this month ahead of big changes starting in September.

Ars Technica

OnionDrop Loader Deploys Multiple Infostealers via DLL Sideloading

OnionDrop is a sophisticated loader that delivers multiple infostealers through DLL sideloading and multi-stage payload execution.

Pulse ID: 6a31e4850d34fde431d12964
Pulse Link: https://otx.alienvault.com/pulse/6a31e4850d34fde431d12964
Pulse Author: cryptocti
Created: 2026-06-17 00:04:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #InfoStealer #OTX #Onion #OpenThreatExchange #SideLoading #bot #cryptocti

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Inside OnyxC2: The New Stealer Targeting 210 Apps

OnyxC2 emerged in early 2026 as a malware-as-a-service stealer sold on cybercrime networks for $250 monthly. The platform includes a web panel, payload builder, and tiered pricing structure with refund guarantees. Written in C++ with assembly for direct syscalls, it targets approximately 210 applications across nine categories: 45 browsers, 109 extensions including 2FA tools, 5 password managers, 17 cryptocurrency wallets, 11 FTP clients, 5 email clients, and VPN/messaging applications. The stealer achieves 99% detection evasion through mutated builds and delivers via DLL sideloading using signed binaries. Higher tiers unlock remote access capabilities including HVNC, LSASS dumping, reverse SOCKS5 proxy, keylogging, and reverse shell. Distribution occurs through fake installers delivered as password-protected archives, with C2 communication over Cloudflare-fronted HTTPS to akmuniverstall.top.

Pulse ID: 6a301309d410a2c508c138d4
Pulse Link: https://otx.alienvault.com/pulse/6a301309d410a2c508c138d4
Pulse Author: AlienVault
Created: 2026-06-15 14:58:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#2FA #Browser #Cloud #CyberCrime #CyberSecurity #Email #HTTP #HTTPS #InfoSec #Malware #MalwareAsAService #OTX #OpenThreatExchange #Password #Proxy #SideLoading #VNC #VPN #Word #bot #cryptocurrency #hVNC #socks5 #AlienVault

Targeted espionage against Cambodian government entities

Acronis Threat Research Unit identified two espionage campaigns targeting Cambodian government entities in defense and public works sectors, attributed to a cluster tracked as Khmer Shadow. Both campaigns delivered a custom C++ loader named NIGHTFORGE through government-themed lures in self-extracting archives. NIGHTFORGE employs sophisticated evasion techniques including NTDLL unhooking and Hell's Gate syscall resolution to decrypt and execute a Havoc Demon payload in memory. The loader utilizes DLL sideloading through a legitimate VMware-signed binary (VMwareNamespaceCmd.exe) and establishes persistence via COM-based scheduled tasks. Despite advanced technical capabilities, the actor demonstrated poor operational security by reusing identical payloads and infrastructure across targets. The campaigns targeted Cambodia's Information Collection Bureau and Ministry of Public Works and Transport using meeting-themed social engineering lures.

Pulse ID: 6a2aa0fe417d1a6f2b89eec1
Pulse Link: https://otx.alienvault.com/pulse/6a2aa0fe417d1a6f2b89eec1
Pulse Author: AlienVault
Created: 2026-06-11 11:50:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cambodia #CyberSecurity #ELF #Espionage #Government #InfoSec #OTX #OpenThreatExchange #RAT #SideLoading #SocialEngineering #VMware #bot #AlienVault

In case you didn't know, #sideloading just means installing an app. That's it. It's only called that cuz the G and A words don't want you doing it.

We don't call apt install or downloading a DMG side loading. But maybe we should so we can normalize installing the software we choose.

#sideloading: open source #apps show how to get around #google's blocks.
Rather than wait for the announced closing-off of #android, several #opensource applications have taken the lead, even if it means turning each of their users into a digital conscientious objector.
https://www.clubic.com/actualite-615556-sideloading-des-apps-open-source-montrent-comment-contourner-les-blocages-google.html
#fuckgoogle
Sideloading: open source apps show how to get around Google's blocks

Rather than wait for the announced closing-off of Android, several open source applications have taken the lead, even if it means turning each of their users into a digital conscientious objector.

clubic.com

Building a new #android app for the first time in a long time.

I'm trying out the unifiedpush.org stuff. It seems like it shouldn't work as well as it does.

I'm basically targeting self-hosting an apk, or putting it on f-droid. But sadly it feels like #fdroid is doomed due to Google putting up hurdles to prevent smooth use of alternative stores. (e.g. trying to break #sideloading, requiring a dance to allow installing, scare screens, etc.)

I'd target #linux, but no phones?!?

#buildinpublic