FEMITBOT: Abuse of Telegram Mini Apps for Large-Scale Fraud Campaigns
https://www.ctm360.com/reports/femitbot-telegram-mini-apps-fraud-campaigns
https://www.ctm360.com/reports/femitbot-telegram-mini-apps-fraud-campaigns
Ctm360
FEMITBOT: Telegram Mini Apps Fraud Report | CTM360
CTM360 report on FEMITBOT abuse of Telegram Mini Apps for large-scale fraud campaigns targeting crypto and financial platforms. Download the full report.
๐11โค3๐1
Mirai: Botnet Hijacks ADB-Exposed Android Devices to Target Minecraft Servers
https://hunt.io/blog/xlabs-v1-ddos-for-hire-operation-exposed
https://hunt.io/blog/xlabs-v1-ddos-for-hire-operation-exposed
hunt.io
xlabs_v1 DDoS-for-Hire Operation Exposed: How an Operator's Debug Build Unraveled a Commercial Game-Server Botnet
A publicly exposed debug build unraveled xlabs_v1, a commercial game-server DDoS-for-hire botnet with 21 flood variants running on bulletproof infrastructure.
โค7โก4๐1๐1
Supply-chain attack by North Korea ScarCruft APT group targeting the Yanbian region via backdoor-laced Windows and Android games
https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/
https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/
Welivesecurity
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games.
๐ฅ10๐1
Fake call logs, real payments: How CallPhantom tricks Android users
https://www.welivesecurity.com/en/eset-research/fake-call-logs-real-payments-how-callphantom-tricks-android-users/
https://www.welivesecurity.com/en/eset-research/fake-call-logs-real-payments-how-callphantom-tricks-android-users/
Welivesecurity
Fake call logs, real payments: How CallPhantom tricks Android users
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history โfor any numberโ and had been downloaded more than seven million times before being taken down.
๐คฃ8๐4โค3โก1๐1
[beginners] Android Pentesting Skill
https://github.com/DragonJAR/Android-Pentesting-Skill
https://github.com/DragonJAR/Android-Pentesting-Skill
GitHub
GitHub - DragonJAR/Android-Pentesting-Skill: Skill de Pentesting para Android
Skill de Pentesting para Android. Contribute to DragonJAR/Android-Pentesting-Skill development by creating an account on GitHub.
๐ฅ13โค8๐1๐1
New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps
https://www.threatfabric.com/blogs/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app
https://www.threatfabric.com/blogs/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app
ThreatFabric
New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps
Perseus is a new Device Takeover (DTO) malware family that specifically looks for user-generated content stored in note taking applications.
โค7๐4
New Android interception tool for component communication (IPC) mapping called #noxen for pentesters and bug bounty hunters
Test: https://youtube.com/shorts/JitFuNRCOJ8
Download: https://github.com/frankheat/noxen
Test: https://youtube.com/shorts/JitFuNRCOJ8
Download: https://github.com/frankheat/noxen
YouTube
Android interception tool for component communication (IPC) mapping | noxen | pentest
noxen is an Android runtime interception tool for security research. It uses Frida to hook Java methods in live apps, map component communication, and captur...
๐21โค11๐ฅ5
How hard can it be to build Frida natively on Android in Termux (without NDK)?
https://qbtau.in/posts/building_frida_on_termux/
https://qbtau.in/posts/building_frida_on_termux/
Abhi's Blog
How hard can it be to build Frida natively on Android/Termux(without NDK?)
Seriously, How hard can it be?
โค14๐3๐2
Android ZeroโClick RCE via Wireless Debugging (CVEโ2026โ0073) + demos
Blog: https://www.mobile-hacker.com/2026/05/12/android-rce-via-wireless-debugging-from-network-access-to-shell/
Video: https://youtu.be/ihEIr0wWklk
Blog: https://www.mobile-hacker.com/2026/05/12/android-rce-via-wireless-debugging-from-network-access-to-shell/
Video: https://youtu.be/ihEIr0wWklk
YouTube
Android ZeroโClick RCE via Wireless Debugging | CVEโ2026โ0073 Demo
In this video, I break down a critical Android vulnerability ( CVEโ2026โ0073 ) affecting modern versions of Android (14, 15, 16), where a flaw in ADBโs authentication logic can allow an attacker on the same network to gain shell access without user interaction.โฆ
โค23๐4
Android Intrusion Logging as a new source of data for forensic analysis
https://securitylab.amnesty.org/latest/2026/05/android-intrusion-logging-as-a-new-source-of-data-for-consensual-forensic-analysis/
https://securitylab.amnesty.org/latest/2026/05/android-intrusion-logging-as-a-new-source-of-data-for-consensual-forensic-analysis/
Amnesty International Security Lab
Android Intrusion Logging as a new source of data for consensual forensic analysis - Amnesty International Security Lab
Google has today announced the launch of a new โAndroid Intrusion Loggingโ feature as part of Android Advanced Protection Mode (AAPM). The new intrusion logging feature promises to be a major aid to digital forensics researchers undertaking investigationsโฆ
๐12โก2๐ฉ2๐1
Inside the Fake RTO Challan Checker: How I Uncovered a Sophisticated Android Spyware Targeting Indians
Part 1: https://medium.com/@singhbkn07/inside-the-fake-rto-challan-checker-how-i-uncovered-a-sophisticated-android-spyware-targeting-8f2da6a9a5a0
Part 2: https://medium.com/@singhbkn07/fake-rto-challan-checker-part-2-cracking-the-payload-mapping-the-operator-and-why-this-is-3eb78e512d7f
Part 1: https://medium.com/@singhbkn07/inside-the-fake-rto-challan-checker-how-i-uncovered-a-sophisticated-android-spyware-targeting-8f2da6a9a5a0
Part 2: https://medium.com/@singhbkn07/fake-rto-challan-checker-part-2-cracking-the-payload-mapping-the-operator-and-why-this-is-3eb78e512d7f
Medium
Inside the Fake RTO Challan Checker: How I Uncovered a Sophisticated Android Spyware Targeting Indians
A full technical teardown of a malware campaign hiding behind Indiaโs traffic fine system
๐ฅ5๐3โค2๐2๐2
APKShield-PT: Auto Root Detection & SSL Pinning Bypass with Frida Script Generation
https://github.com/Whitehat987/apkshield-pt
https://github.com/Whitehat987/apkshield-pt
GitHub
GitHub - Whitehat987/apkshield-pt: Android Penetration Testing Tool โ Auto Root Detection & SSL Pinning Bypass with Frida Scriptโฆ
Android Penetration Testing Tool โ Auto Root Detection & SSL Pinning Bypass with Frida Script Generation - Whitehat987/apkshield-pt
๐ฅ8๐2๐ฉ2๐คฃ1๐1๐พ1
An Android VPN apps can be bypassed and leak IP
https://lowlevel.fun/posts/tiny-udp-cannon-android-vpn-bypass/
https://lowlevel.fun/posts/tiny-udp-cannon-android-vpn-bypass/
lowlevel.fun
The Tiny UDP Cannon: An Android VPN Bypass
An unprivileged Android app can leak the user's real IP past Always-On VPN + lockdown by handing system_server a UDP payload to fire on its behalf.
๐9๐6๐ค2๐คฌ1๐1
NFC Relay Goes Local: How AI Is Accelerating a New Wave of Independent Malware Developers
https://www.cleafy.com/cleafy-labs/nfc-relay-goes-local-how-ai-is-accelerating-a-new-wave-of-independent-malware-developers
https://www.cleafy.com/cleafy-labs/nfc-relay-goes-local-how-ai-is-accelerating-a-new-wave-of-independent-malware-developers
Cleafy
NFC Relay Goes Local: How AI Is Accelerating a New Wave of Independent Malware Developers | Cleafy
Cleafy's TIR team identified and analyzed two previously undocumented Android NFC relay malware families, DevilNFC and NFCMultiPay, actively targeting European and LATAM banking customers.
๐8โค1
Reverse engineering Android malware with Claude Code
https://zanestjohn.com/blog/reing-with-claude-code
https://zanestjohn.com/blog/reing-with-claude-code
Zanestjohn
Reverse engineering Android malware with Claude Code - Zane St. John
I pointed an autonomous coding agent at a $35 projector. It found a big RAT.
โค11๐2๐พ1
Trapdoor Funnels Malvertising into Ad Fraud
https://www.humansecurity.com/learn/resource/satori-threat-intelligence-alert-trapdoor-funnels-malvertising-into-ad-fraud/
https://www.humansecurity.com/learn/resource/satori-threat-intelligence-alert-trapdoor-funnels-malvertising-into-ad-fraud/
๐5โค1
Premium Deception: Uncovering a Global Android Carrier Billing Fraud Campaign
https://zimperium.com/blog/premium-deception-uncovering-a-global-android-carrier-billing-fraud-campaign
https://zimperium.com/blog/premium-deception-uncovering-a-global-android-carrier-billing-fraud-campaign
Zimperium
Premium Deception: Uncovering a Global Android Carrier Billing Fraud Campaign
true
๐3๐1๐ฅ1
The Flipper One: Hacking Gadget is Becoming a Pocket Linux PC [video]
https://www.mobile-hacker.com/2026/05/20/the-flipper-one-hacking-gadget-is-becoming-a-pocket-linux-pc/
https://www.mobile-hacker.com/2026/05/20/the-flipper-one-hacking-gadget-is-becoming-a-pocket-linux-pc/
๐8
Comparing 3D printed Flipper One model to Zero
https://www.youtube.com/shorts/qHS_kmxJKow
https://www.youtube.com/shorts/qHS_kmxJKow
YouTube
Flipper One is Becoming a Pocket Linux PC
Flipper OneBigger. More powerful. Way more capable.Flipper One is shaping up to be a serious upgradeโand weโve broken it all down in our latest video and blo...
๐ฅ5โก1