Mirax: a new Android RAT turning infected devices into potential residential proxy nodes
https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes
Cleafy
Mirax, a new Android RAT and banking malware operating as a private MaaS, is actively targeting Spanish-speaking countries via Meta ad campaigns.
Giving an Agent a Rooted Android Phone
https://workers.io/blog/autonomous-mobile-pentesting/
Workers IO
So what actually happens if you hand an AI agent root access to an Android phone, plus a runtime hooking framework? In this case, it went straight to reverse-engineering Subway Surfers and figured out how to rack up unlimited coins.
Pre-installed C2 Infrastructure and RAT Payload on Android Projectors
https://github.com/Kavan00/Android-Projector-C2-Malware
GitHub
GitHub - Kavan00/Android-Projector-C2-Malware: Breakdown of a c2-network of chinese beamers - SilentSDK-Analysis
Reversing XAMARIN Mobile Applications
https://mrbypass.medium.com/reversing-xamarin-mobile-applications-3910a857444d
Medium
What is XAMARIN?
MalFixer: toolkit for inspecting and recovering malformed Android APK files (repairs corrupted ZIP entries, decodes and reconstructs malformed Android manifests, and extracts or sanitises problematic asset files)
https://github.com/Cleafy/Malfixer
GitHub
GitHub - Cleafy/Malfixer: MalFixer is a comprehensive toolkit for inspecting and recovering malformed Android APK files
Android Bankers: 4 Campaigns In A Row
https://zimperium.com/blog/android-bankers-4-campaigns-in-a-row
Zimperium
Lorikazz: An Android TV and STB botnet using Tor .onion C2, ENS resolution, and bundled ELF payloads disguised as system libraries to hijack set-top boxes for proxyware operations
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-04-13-LORIKAZZ-ANDROID-IOT.txt
GitHub
Unit42-timely-threat-intel/2026-04-13-LORIKAZZ-ANDROID-IOT.txt at main · PaloAltoNetworks/Unit42-timely-threat-intel
A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence.
MiningDropper - A Global Modular Android Malware Campaign Operating at Scale
https://cyble.com/blog/miningdropper-global-modular-android-malware/
Cyble
MiningDropper: A Global Android Malware Campaign
Cyble analyzes a surge in an ongoing campaign to deliver MiningDropper - a modular Android malware framework - at scale.
FakeWallet crypto stealer spreading through iOS apps in the App Store
https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/
New NGate variant hides in a trojanized NFC payment app
https://www.welivesecurity.com/en/eset-research/new-ngate-variant-hides-in-a-trojanized-nfc-payment-app/
Welivesecurity
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI.
Bad Connection: Uncovering how global mobile networks themselves have become surveillance infrastructure to spy on location of targets
https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/
The Citizen Lab
Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors
Our investigation uncovers two sophisticated telecom surveillance campaigns and, for the first time, links real-world attack traffic to mobile operator signalling infrastructure. The findings expose how suspected commercial surveillance vendors (CSVs) exploit…
Morpheus: A new Spyware linked to IPS Intelligence
https://osservatorionessuno.org/blog/2026/04/morpheus-a-new-spyware-linked-to-ips-intelligence/
osservatorionessuno.org
Osservatorio Nessuno
KYCShadow: An Android Banking Malware Exploiting Fake KYC Workflows for Credential and OTP Theft
https://www.cyfirma.com/research/kycshadow-an-android-banking-malware-exploiting-fake-kyc-workflows-for-credential-and-otp-theft/
CYFIRMA
Executive Summary: This report presents an analysis of an Android malware masquerading as a bank KYC verification application, distributed via...
apk-info: APK full-featured parser
https://github.com/delvinru/apk-info
GitHub
GitHub - delvinru/apk-info: APK full-featured parser
A Five-Bug Chain to Arbitrary APK Install on Samsung S25
https://bugscale.ch/blog/here-we-go-again-a-five-bug-chain-to-arbitrary-apk-install-on-samsung-s25/
FEMITBOT: Abuse of Telegram Mini Apps for Large-Scale Fraud Campaigns
https://www.ctm360.com/reports/femitbot-telegram-mini-apps-fraud-campaigns
CTM360
FEMITBOT: Telegram Mini Apps Fraud Report | CTM360
CTM360 report on FEMITBOT abuse of Telegram Mini Apps for large-scale fraud campaigns targeting crypto and financial platforms. Download the full report.
Mirai: Botnet Hijacks ADB-Exposed Android Devices to Target Minecraft Servers
https://hunt.io/blog/xlabs-v1-ddos-for-hire-operation-exposed
hunt.io
xlabs_v1 DDoS-for-Hire Operation Exposed: How an Operator's Debug Build Unraveled a Commercial Game-Server Botnet
A publicly exposed debug build unraveled xlabs_v1, a commercial game-server DDoS-for-hire botnet with 21 flood variants running on bulletproof infrastructure.
Supply-chain attack by North Korea ScarCruft APT group targeting the Yanbian region via backdoor-laced Windows and Android games
https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/
Welivesecurity
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games.