Intent redirection vulnerability in third-party EngageLab SDK exposed millions of Android wallets to potential risk
https://www.microsoft.com/en-us/security/blog/2026/04/09/intent-redirection-vulnerability-third-party-sdk-android/
Microsoft News
Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
A severe Android intent-redirection vulnerability in a widely deployed SDK exposed sensitive user data across millions of apps. Microsoft researchers detail how the flaw works, why it matters, and how developers can mitigate similar risks by updating affected…
Mirax: a new Android RAT turning infected devices into potential residential proxy nodes
https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes
Cleafy
Mirax, a new Android RAT and banking malware operating as a private MaaS, is actively targeting Spanish-speaking countries via Meta ad campaigns.
Giving an Agent a Rooted Android Phone
https://workers.io/blog/autonomous-mobile-pentesting/
Workers IO
So what actually happens if you hand an AI agent root access to an Android phone, plus a runtime hooking framework? In this case, it went straight to reverse-engineering Subway Surfers and figured out how to rack up unlimited coins.
Pre-installed C2 Infrastructure and RAT Payload on Android Projectors
https://github.com/Kavan00/Android-Projector-C2-Malware
GitHub
GitHub - Kavan00/Android-Projector-C2-Malware: Breakdown of a c2-network of chinese beamers - SilentSDK-Analysis
Breakdown of a c2-network of chinese beamers - SilentSDK-Analysis - Kavan00/Android-Projector-C2-Malware
Reversing XAMARIN Mobile Applications
https://mrbypass.medium.com/reversing-xamarin-mobile-applications-3910a857444d
Medium
What is XAMARIN?
MalFixer: toolkit for inspecting and recovering malformed Android APK files (repairs corrupted ZIP entries, decodes and reconstructs malformed Android manifests, and extracts or sanitises problematic asset files)
https://github.com/Cleafy/Malfixer
GitHub
GitHub - Cleafy/Malfixer: MalFixer is a comprehensive toolkit for inspecting and recovering malformed Android APK files
MalFixer is a comprehensive toolkit for inspecting and recovering malformed Android APK files - Cleafy/Malfixer
Android Bankers: 4 Campaigns In A Row
https://zimperium.com/blog/android-bankers-4-campaigns-in-a-row
Zimperium
Lorikazz: An Android TV and STB botnet using Tor .onion C2, ENS resolution, and bundled ELF payloads disguised as system libraries to hijack set-top boxes for proxyware operations
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-04-13-LORIKAZZ-ANDROID-IOT.txt
GitHub
Unit42-timely-threat-intel/2026-04-13-LORIKAZZ-ANDROID-IOT.txt at main · PaloAltoNetworks/Unit42-timely-threat-intel
A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence. - PaloAltoNetworks/Unit42-timely-threat-intel
MiningDropper – A Global Modular Android Malware Campaign Operating at Scale
https://cyble.com/blog/miningdropper-global-modular-android-malware/
Cyble
MiningDropper: A Global Android Malware Campaign
Cyble analyzes a surge in an ongoing campaign to deliver MiningDropper, a modular Android malware framework, at scale.
FakeWallet crypto stealer spreading through iOS apps in the App Store
https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/
New NGate variant hides in a trojanized NFC payment app
https://www.welivesecurity.com/en/eset-research/new-ngate-variant-hides-in-a-trojanized-nfc-payment-app/
Welivesecurity
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI.
Bad Connection: Uncovering how global mobile networks themselves have become surveillance infrastructure to spy on location of targets
https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/
The Citizen Lab
Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors
Our investigation uncovers two sophisticated telecom surveillance campaigns and, for the first time, links real-world attack traffic to mobile operator signalling infrastructure. The findings expose how suspected commercial surveillance vendors (CSVs) exploit…
Morpheus: A new Spyware linked to IPS Intelligence
https://osservatorionessuno.org/blog/2026/04/morpheus-a-new-spyware-linked-to-ips-intelligence/
osservatorionessuno.org
Osservatorio Nessuno
KYCShadow: An Android Banking Malware Exploiting Fake KYC Workflows for Credential and OTP Theft
https://www.cyfirma.com/research/kycshadow-an-android-banking-malware-exploiting-fake-kyc-workflows-for-credential-and-otp-theft/
CYFIRMA
KYCShadow: An Android Banking Malware Exploiting Fake KYC Workflows for Credential and OTP Theft - CYFIRMA
Executive Summary This report presents an analysis of an Android malware masquerading as a bank KYC verification application, distributed via...
apk-info: APK full-featured parser
https://github.com/delvinru/apk-info
GitHub
GitHub - delvinru/apk-info: APK full-featured parser
APK full-featured parser. Contribute to delvinru/apk-info development by creating an account on GitHub.
A Five-Bug Chain to Arbitrary APK Install on Samsung S25
https://bugscale.ch/blog/here-we-go-again-a-five-bug-chain-to-arbitrary-apk-install-on-samsung-s25/
FEMITBOT: Abuse of Telegram Mini Apps for Large-Scale Fraud Campaigns
https://www.ctm360.com/reports/femitbot-telegram-mini-apps-fraud-campaigns
Ctm360
FEMITBOT: Telegram Mini Apps Fraud Report | CTM360
CTM360 report on FEMITBOT abuse of Telegram Mini Apps for large-scale fraud campaigns targeting crypto and financial platforms. Download the full report.
Mirai: Botnet Hijacks ADB-Exposed Android Devices to Target Minecraft Servers
https://hunt.io/blog/xlabs-v1-ddos-for-hire-operation-exposed
hunt.io
xlabs_v1 DDoS-for-Hire Operation Exposed: How an Operator's Debug Build Unraveled a Commercial Game-Server Botnet
A publicly exposed debug build unraveled xlabs_v1, a commercial game-server DDoS-for-hire botnet with 21 flood variants running on bulletproof infrastructure.
Supply-chain attack by North Korea ScarCruft APT group targeting the Yanbian region via backdoor-laced Windows and Android games
https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/
Welivesecurity
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games.