Forwarded from Android Security & Malware
Automating Android Component Testing with new APK Inspector tool
-What are exported components?
-Setup and testing APK Inspector
-Improve automation and execute ADB commands interactively
-Run it on Android
-What are Intent Redirection Vulnerabilities?
https://www.mobile-hacker.com/2025/09/18/automating-android-app-component-testing-with-new-apk-inspector/
-What are exported components?
-Setup and testing APK Inspector
-Improve automation and execute ADB commands interactively
-Run it on Android
-What are Intent Redirection Vulnerabilities?
https://www.mobile-hacker.com/2025/09/18/automating-android-app-component-testing-with-new-apk-inspector/
Mobile Hacker
Automating Android App Component Testing with New APK Inspector
If improperly secured, exported components become easy entry points for attackers to execute arbitrary code, access sensitive data, or manipulate the app’s behavior.
Forwarded from Android Security & Malware
Trigger for the integer underflow bug in the HID core subsystem (CVE-2025-38494 and CVE-2025-38495) that leaks 64 KB of OOB memory over USB
Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels)
https://github.com/xairy/kernel-exploits/tree/master/CVE-2025-38494
Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels)
https://github.com/xairy/kernel-exploits/tree/master/CVE-2025-38494
Forwarded from Android Security & Malware
CVE-2025-10184 is permission bypass that affects multiple OnePlus devices running OxygenOS 12–15 (NOT FIXED) with PoC
This vulnerability allows any application installed on the device to read SMS/MMS without permission, user interaction, or consent.
https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/
This vulnerability allows any application installed on the device to read SMS/MMS without permission, user interaction, or consent.
https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/
Forwarded from Android Security & Malware
Finding vulnerabilities in the Binder kernel driver through fuzzing
https://androidoffsec.withgoogle.com/posts/binder-fuzzing/
https://androidoffsec.withgoogle.com/posts/binder-fuzzing/
Withgoogle
Binder Fuzzing - Android Offensive Security Blog
In our previous blog posts, we explored Android Binder’s intricacies, from exploiting a vulnerability (CVE-2023-20938) for kernel code execution to examining its inner workings. In this post, we shift our focus to finding vulnerabilities in the Binder kernel…
Forwarded from Android Security & Malware
Obtain a root shell on Unisoc unpatched devices (CVE-2025-31710)
https://github.com/Skorpion96/unisoc-su/tree/main?tab=readme-ov-file
https://github.com/Skorpion96/unisoc-su/tree/main?tab=readme-ov-file
GitHub
GitHub - Skorpion96/unisoc-su: A method for CVE-2025-31710 and to connect to cmd_skt to obtain a root shell on unisoc unpatched…
A method for CVE-2025-31710 and to connect to cmd_skt to obtain a root shell on unisoc unpatched models - Skorpion96/unisoc-su
Forwarded from Android Security & Malware
Banker Trojan Targeting Indonesian and Vietnamese Android Users
https://dti.domaintools.com/banker-trojan-targeting-indonesian-and-vietnamese-android-users/
https://dti.domaintools.com/banker-trojan-targeting-indonesian-and-vietnamese-android-users/
DomainTools Investigations | DTI
Banker Trojan Targeting Indonesian and Vietnamese Android Users - DomainTools Investigations | DTI
A group has been targeting Indonesian and Vietnamese Android users with banking trojans disguised as legitimate payment and government identity applications. The operators exhibit distinct domain registration patterns with a strong operational focus during…
Forwarded from Android Security & Malware
This media is not supported in your browser
VIEW IN TELEGRAM
Triggered WhatsApp 0-click on iOS/macOS/iPadOS
CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300.
Analysis of Samsung CVE-2025-21043 is also ongoing
Source: https://x.com/DarkNavyOrg/status/1972260639101034950
CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300.
Analysis of Samsung CVE-2025-21043 is also ongoing
Source: https://x.com/DarkNavyOrg/status/1972260639101034950
Forwarded from Android Security & Malware
Writeup for CVE-2025-24085, an ITW iOS mediaplaybackd vulnerability patched earlier this year
https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-24085/CVE-2025-24085.md
https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-24085/CVE-2025-24085.md
GitHub
n-days/CVE-2025-24085/CVE-2025-24085.md at main · b1n4r1b01/n-days
Contribute to b1n4r1b01/n-days development by creating an account on GitHub.
Forwarded from Android Security & Malware
Exploring Android Accessibility Malware | Droidcon Italy 2024
https://www.youtube.com/watch?v=xCHW8ql3vi0
https://www.youtube.com/watch?v=xCHW8ql3vi0
YouTube
Exploring Android Accessibility Malware | Droidcon Italy 2024
Android Accessibility Malware EXPOSED: What Hackers Don’t Want You to Know—this eye-opening session from Droidcon Italy 2024 reveals how cybercriminals exploit Android’s Accessibility Services and combine them with credential stuffing to infiltrate user accounts…
Forwarded from Android Security & Malware
Analysis of Android DHCSpy operated by the Iranian APT MuddyWater
https://shindan.io/blog/dhcspy-discovering-the-iranian-apt-muddywater
https://shindan.io/blog/dhcspy-discovering-the-iranian-apt-muddywater
shindan.io
Blog - DHCSpy - Discovering the Iranian APT MuddyWater
Shindan est une application SaaS, mobile et desktop qui détecte les compromissions et vulnérabilités sur smartphones et tablettes, sans accès aux données personnelles. Obtenez un diagnostic rapide et précis pour protéger vos VIP et collaborateurs.
Forwarded from Android Security & Malware
Security Evaluation Of Android Apps In Budget African Mobile Devices
The study examined 1,544 APKs collected from seven African smartphones. The analysis revealed that 145 applications (9%) disclose sensitive data, 249 (16%) expose critical components, and many present additional risks: 226 execute privileged or dangerous commands, 79 interact with SMS messages (read, send, or delete), and 33 perform silent installation operations
https://arxiv.org/pdf/2509.18800
The study examined 1,544 APKs collected from seven African smartphones. The analysis revealed that 145 applications (9%) disclose sensitive data, 249 (16%) expose critical components, and many present additional risks: 226 execute privileged or dangerous commands, 79 interact with SMS messages (read, send, or delete), and 33 perform silent installation operations
https://arxiv.org/pdf/2509.18800
Forwarded from Android Security & Malware
Datzbro: RAT Hiding Behind Senior Travel Scams
https://www.threatfabric.com/blogs/datzbro-rat-hiding-behind-senior-travel-scams
https://www.threatfabric.com/blogs/datzbro-rat-hiding-behind-senior-travel-scams
ThreatFabric
Datzbro: RAT Hiding Behind Senior Travel Scams
In this research article by ThreatFabric, we expose Datzbro: a new RAT that hides behind senior travel scams.
Forwarded from Android Security & Malware
Klopatra: exposing a new Android banking trojan operation with roots in Turkey
https://www.cleafy.com/cleafy-labs/klopatra-exposing-a-new-android-banking-trojan-operation-with-roots-in-turkey
https://www.cleafy.com/cleafy-labs/klopatra-exposing-a-new-android-banking-trojan-operation-with-roots-in-turkey
Cleafy
Klopatra: exposing a new Android banking trojan operation with roots in Turkey | Cleafy LABS
In late August 2025, Cleafy's Threat Intelligence team discovered Klopatra, a new, highly sophisticated Android malware currently targeting banking users primarily in Spain and Italy. The number of compromised devices has already exceeded 1,000. Read the…
Forwarded from Android Security & Malware
Silent Smishing : The Hidden Abuse of Cellular Router APIs
Cellular router’s API was exploited to send malicious SMS messages containing phishing URLs
https://blog.sekoia.io/silent-smishing-the-hidden-abuse-of-cellular-router-apis/
Cellular router’s API was exploited to send malicious SMS messages containing phishing URLs
https://blog.sekoia.io/silent-smishing-the-hidden-abuse-of-cellular-router-apis/
Sekoia.io Blog
Silent Smishing : The Hidden Abuse of Cellular Router APIs
How attackers abuse Milesight cellular router APIs to run smishing at scale via unauthenticated SMS endpoints—targeting Belgium (CSAM/eBox).
Forwarded from Android Security & Malware
Phones auto-connecting to "FreeWiFi_Secure" Wi-Fi network leak full IMSI in cleartext during EAP-SIM exchange
Anyone nearby with sniffer could capture it → track users, or correlate identities.
Fixed pushed disabling FreeWiFi_Secure on legacy boxes starting Oct 1, 2025.
https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/
Anyone nearby with sniffer could capture it → track users, or correlate identities.
Fixed pushed disabling FreeWiFi_Secure on legacy boxes starting Oct 1, 2025.
https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/
Forwarded from Android Security & Malware
Attacking telecom: security bugs from 2G to 5G, SMS exploits, and SS7 & Diameter protocols
[presentation] https://www.youtube.com/watch?v=364R1SoGGJ4
[presentation] https://www.youtube.com/watch?v=364R1SoGGJ4
Forwarded from Android Security & Malware
Two spyware strains - ProSpy & ToSpy - masquerade as Signal and ToTok to infect Androids
https://www.welivesecurity.com/en/eset-research/new-spyware-campaigns-target-privacy-conscious-android-users-uae/
https://www.welivesecurity.com/en/eset-research/new-spyware-campaigns-target-privacy-conscious-android-users-uae/
Welivesecurity
New spyware campaigns target privacy-conscious Android users in the UAE
ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates.
Forwarded from 𝗽𝗼𝗽𝗠𝗢𝗗𝗦 | 𝗙𝗢𝗦𝗦, 𝗟𝗶𝗳𝗲, 𝗠𝗲𝗺𝗲𝘀 (Ömer)
Gurk
Signal Messenger client for terminal
🔗 Links:
- İnstallation
- Usage
- Source code
Developer: boxdot
🏷 Tags: #Linux #MacOS #Windows #Social
Signal Messenger client for terminal
🔗 Links:
- İnstallation
- Usage
- Source code
Developer: boxdot
❤️ Support the Project
If this project makes your life easier, here are a few quick ways to show some love:
⭐ Star the repo/app
☕ Buy a coffee for the developer
🛠 Contribute code, issues, or pull-requests
🏷 Tags: #Linux #MacOS #Windows #Social
Forwarded from 𝗽𝗼𝗽𝗠𝗢𝗗𝗦 | 𝗙𝗢𝗦𝗦, 𝗟𝗶𝗳𝗲, 𝗠𝗲𝗺𝗲𝘀 (Ömer)
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from 𝗽𝗼𝗽𝗠𝗢𝗗𝗦 | 𝗙𝗢𝗦𝗦, 𝗟𝗶𝗳𝗲, 𝗠𝗲𝗺𝗲𝘀 (Ömer)
FairScan
FairScan is an Android app to scan documents. It aims to be simple and respectful to users.
🔗 Links:
- Download
- Screenshots
- Features
- Website
- Source code
Developer: pynicolas
🏷 Tags: #Android #Utilities
FairScan is an Android app to scan documents. It aims to be simple and respectful to users.
🔗 Links:
- Download
- Screenshots
- Features
- Website
- Source code
Developer: pynicolas
❤️ Support the Project
If this project makes your life easier, here are a few quick ways to show some love:
⭐ Star the repo/app
☕ Buy a coffee for the developer
🛠 Contribute code, issues, or pull-requests
🏷 Tags: #Android #Utilities
Forwarded from 𝗽𝗼𝗽𝗠𝗢𝗗𝗦 | 𝗙𝗢𝗦𝗦, 𝗟𝗶𝗳𝗲, 𝗠𝗲𝗺𝗲𝘀 (Ömer)
AnswerGit
AnswerGit is a platform that allows you to analyze Git repositories and ask AI questions about the code. It uses AI to provide detailed explanations and summaries of Git commands, workflows, and code structure, making it easier to understand and interact with code repositories.
🔗 Links:
- Website
- Demo video and screenshots
- Features
- Source code
Developer: TharaneshA
🏷 Tags: #Website #Tools #AI
AnswerGit is a platform that allows you to analyze Git repositories and ask AI questions about the code. It uses AI to provide detailed explanations and summaries of Git commands, workflows, and code structure, making it easier to understand and interact with code repositories.
🔗 Links:
- Website
- Demo video and screenshots
- Features
- Source code
Developer: TharaneshA
❤️ Support the Project
If this project makes your life easier, here are a few quick ways to show some love:
⭐ Star the repo/app
☕ Buy a coffee for the developer
🛠 Contribute code, issues, or pull-requests
🏷 Tags: #Website #Tools #AI