Microsoft Authenticator’s Unclaimed Deep Link: A Full Account Takeover Story (CVE-2026–26123)
https://khaledsec.medium.com/microsoft-authenticators-unclaimed-deep-link-a-full-account-takeover-story-cve-2026-26123-e0409a920a02?sk=df506976e7c2d15fd29e70725873f6e2
https://khaledsec.medium.com/microsoft-authenticators-unclaimed-deep-link-a-full-account-takeover-story-cve-2026-26123-e0409a920a02?sk=df506976e7c2d15fd29e70725873f6e2
Medium
Microsoft Authenticator’s Unclaimed Deep Link: A Full Account Takeover Story (CVE-2026–26123)
When your authentication app becomes the weakest link: How an unclaimed deep link exposed millions of Microsoft accounts
❤12⚡3🥰2💘1
Coruna: the framework used in Operation Triangulation
https://securelist.com/coruna-framework-updated-operation-triangulation-exploit/119228/
https://securelist.com/coruna-framework-updated-operation-triangulation-exploit/119228/
👍6❤4🎃4🔥1
Analysis of Android FvncBot banker campaign targeting Polish users
https://cert.pl/en/posts/2026/03/fvncbot-analysis/
https://cert.pl/en/posts/2026/03/fvncbot-analysis/
cert.pl
Analysis of FvncBot campaign
CERT Polska has analyzed an SGB-branded Android malware sample from the FvncBot campaign targeting Poland. The app installs a second-stage implant, coerces the victim into enabling accessibility, and registers the device to a backend that issues per-device…
⚡8
Operation NoVoice: Rootkit Tells No Tales (link to Android Triada family)
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-research-operation-novoice-rootkit-malware-android/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-research-operation-novoice-rootkit-malware-android/
McAfee Blog
Operation NoVoice: Rootkit Tells No Tales | McAfee Blog
Authored By: Ahmad Zubair Zahid McAfee’s mobile research team identified and investigated an Android rootkit campaign tracked as Operation Novoice. The
⚡9
Analysis of cifrat: could this be an evolution of a mobile RAT?
https://cert.pl/en/posts/2026/04/cifrat-analysis/
https://cert.pl/en/posts/2026/04/cifrat-analysis/
cert.pl
Analysis of cifrat: could this be an evolution of a mobile RAT?
CERT Polska analyzed a Booking themed Android malware chain delivered through phishing and a fake update website. The sample is a multistage dropper that installs a hidden accessibility controlled RAT with WebSocket C2.
👍11
PoC of DarkSword iOS exploit tested on iOS 17.1.1 - 26.0.1
https://github.com/rooootdev/lara
https://github.com/rooootdev/lara
GitHub
GitHub - rooootdev/lara: WIP darksword kexploit implement
WIP darksword kexploit implement. Contribute to rooootdev/lara development by creating an account on GitHub.
❤7🎃4💩1
Canis C2 Exposed: Previously Undocumented Cross-Platform Surveillance Framework Targeting Japan pivoting from Android sample
https://hunt.io/blog/canis-c2-exposed-cross-platform-surveillance-framework-japan
https://hunt.io/blog/canis-c2-exposed-cross-platform-surveillance-framework-japan
hunt.io
Canis C2 Exposed: Previously Undocumented Cross-Platform Surveillance Framework Targeting Japan
An exposed API on a Japanese phishing server revealed Canis C2, a previously undocumented surveillance framework targeting Android, iOS, Windows, Linux, and macOS.
❤10🎃2
Hack-For-Hire Operation Linked to BITTER APT (Android ProSpy spyware)
https://www.lookout.com/threat-intelligence/article/bitter-hack-for-hire
https://www.lookout.com/threat-intelligence/article/bitter-hack-for-hire
Lookout
Beyond BITTER: MENA Civil Society Targeted in Hack-For-Hire Operation Linke | Threat Intel
🎃7
Intent redirection vulnerability in third-party EngageLab SDK exposed millions of Android wallets to potential risk
https://www.microsoft.com/en-us/security/blog/2026/04/09/intent-redirection-vulnerability-third-party-sdk-android/
https://www.microsoft.com/en-us/security/blog/2026/04/09/intent-redirection-vulnerability-third-party-sdk-android/
Microsoft News
Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
A severe Android intent‑redirection vulnerability in a widely deployed SDK exposed sensitive user data across millions of apps. Microsoft researchers detail how the flaw works, why it matters, and how developers can mitigate similar risks by updating affected…
🎃8❤4
Mirax: a new Android RAT turning infected devices into potential residential proxy nodes
https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes
https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes
Cleafy
Mirax: a new Android RAT turning infected devices into potential residential proxy nodes
Mirax, a new Android RAT and banking malware operating as a private MaaS is actively targeting Spanish-speaking countries via Meta ad campaigns.
👍15❤4
Giving an Agent a Rooted Android Phone
https://workers.io/blog/autonomous-mobile-pentesting/
https://workers.io/blog/autonomous-mobile-pentesting/
Workers IO
Giving an Agent a Rooted Android Phone
So what actually happens if you hand an AI agent root access to an Android phone, plus a runtime hooking framework? In this case, it went straight to reverse-engineering Subway Surfers and figured out how to rack up unlimited coins.
❤14🎃3👾1
Pre-installed C2 Infrastructure and RAT Payload on Android Projectors
https://github.com/Kavan00/Android-Projector-C2-Malware
https://github.com/Kavan00/Android-Projector-C2-Malware
GitHub
GitHub - Kavan00/Android-Projector-C2-Malware: Breakdown of a c2-network of chinese beamers - SilentSDK-Analysis
Breakdown of a c2-network of chinese beamers - SilentSDK-Analysis - Kavan00/Android-Projector-C2-Malware
🙏10❤3🎃1
Reversing XAMARIN Mobile Applications
https://mrbypass.medium.com/reversing-xamarin-mobile-applications-3910a857444d
https://mrbypass.medium.com/reversing-xamarin-mobile-applications-3910a857444d
Medium
🔍 Reversing XAMARIN Mobile Applications
📱 What is XAMARIN?
🎃10
MalFixer: toolkit for inspecting and recovering malformed Android APK files (repairs corrupted ZIP entries, decodes and reconstructs malformed Android manifests, and extracts or sanitises problematic asset files)
https://github.com/Cleafy/Malfixer
https://github.com/Cleafy/Malfixer
GitHub
GitHub - Cleafy/Malfixer: MalFixer is a comprehensive toolkit for inspecting and recovering malformed Android APK files
MalFixer is a comprehensive toolkit for inspecting and recovering malformed Android APK files - Cleafy/Malfixer
❤17🤣4⚡1
Android Bankers: 4 Campaigns In A Row
https://zimperium.com/blog/android-bankers-4-campaigns-in-a-row
https://zimperium.com/blog/android-bankers-4-campaigns-in-a-row
Zimperium
Android Bankers: 4 Campaigns In A Row
true
❤9🎃1
Lorikazz: An Android TV and STB botnet using Tor .onion C2, ENS resolution, and bundled ELF payloads disguised as system libraries to hijack set-top boxes for proxyware operations
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-04-13-LORIKAZZ-ANDROID-IOT.txt
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-04-13-LORIKAZZ-ANDROID-IOT.txt
GitHub
Unit42-timely-threat-intel/2026-04-13-LORIKAZZ-ANDROID-IOT.txt at main · PaloAltoNetworks/Unit42-timely-threat-intel
A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence. - PaloAltoNetworks/Unit42-timely-threat-intel
❤9🎃4
MiningDropper – A Global Modular Android Malware Campaign Operating at Scale
https://cyble.com/blog/miningdropper-global-modular-android-malware/
https://cyble.com/blog/miningdropper-global-modular-android-malware/
Cyble
MiningDropper: A Global Android Malware Campaign
Cyble analyzes a surge in an ongoing campaign to deliver MiningDropper — a modular Android malware framework - at scale.
🎃9❤2
FakeWallet crypto stealer spreading through iOS apps in the App Store
https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/
https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/
❤11🎃3
New NGate variant hides in a trojanized NFC payment app
https://www.welivesecurity.com/en/eset-research/new-ngate-variant-hides-in-a-trojanized-nfc-payment-app/
https://www.welivesecurity.com/en/eset-research/new-ngate-variant-hides-in-a-trojanized-nfc-payment-app/
Welivesecurity
New NGate variant hides in a trojanized NFC payment app
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI.
😱10❤3🎃1
Bad Connection: Uncovering how global mobile networks themselves have become surveillance infrastructure to spy on location of targets
https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/
https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/
The Citizen Lab
The Citizen Lab Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors
Our investigation uncovers two sophisticated telecom surveillance campaigns and, for the first time, links real-world attack traffic to mobile operator signalling infrastructure. The findings expose how suspected commercial surveillance vendors (CSVs) exploit…
❤6🎃4👏3
Morpheus: A new Spyware linked to IPS Intelligence
https://osservatorionessuno.org/blog/2026/04/morpheus-a-new-spyware-linked-to-ips-intelligence/
https://osservatorionessuno.org/blog/2026/04/morpheus-a-new-spyware-linked-to-ips-intelligence/
osservatorionessuno.org
Osservatorio Nessuno
Morpheus: A new Spyware linked to IPS Intelligence
❤9👍5