New Android BEERUS framework for dynamic analysis & reverse engineering
BEERUS brings Frida auto-injection, sandbox exfiltration, memory dumps, Magisk integration and more for on device app analysis.
https://github.com/hakaioffsec/beerus-android
  0-click vulnerability in Dolby's DDPlus decoder affected Android (CVE-2025-54957)
A malformed audio file can trigger an out-of-bounds write due to integer overflow in evolution data handling, leading to memory corruption and crashes.
Android decodes audio messages locally, making this exploitable without user interaction.
Reproduction: Just send a crafted RCS voice message (dolby_android_crash.mp4)
Details: https://project-zero.issues.chromium.org/issues/428075495
  MCGDroid: An Android Malware Classification Method Based on Multi-Feature Class-Call Graph Characterization
https://www.sciencedirect.com/science/article/abs/pii/S016740482500402X
  EnFeSTDroid: Ensembled feature selection techniques based Android malware detection
https://www.sciencedirect.com/science/article/pii/S0045790625007062
  A vulnerability in DuckDuckGo's Android browser allows file exfiltration via malicious intent:// URLs to gain access to a victim's Sync account data such as account credentials and email protection information (CVE-2025-48464)
https://tuxplorer.com/posts/dont-leave-me-outdated/
  Account takeover in Android app via JavaScript bridge
A misconfigured addJavascriptInterface + flawed domain validation + javascript:// trick enabled full cookie exfiltration via WebView.
Exploit chain: JSB dispatcher → file access handler → bypass via newline injection.
Payload:
Delivered via deeplink.
Executed JSB call to toBase64.
Read Cookies file from app sandbox.
Exfiltrated session data via callback.
https://tuxplorer.com/posts/account-takeover-via-jsb/
  Forwarded from The Bug Bounty Hunter
Practical Android Pentesting: A Case Study on TikTok RCE
https://dphoeniixx.medium.com/practical-android-pentesting-a-case-study-on-tiktok-rce-4a82e79cc7c6
  
From Universal XSS to native library hijacking: A comprehensive guide to Android exploitation using WebViews, Intent abuse, and Zip Slip.
  Patching Android ARM64 library initializers for easy Frida instrumentation and debugging
https://blog.nviso.eu/2025/10/14/patching-android-arm64-library-initializers-for-easy-frida-instrumentation-and-debugging/
  
Discover techniques for Android ARM64 library patching and Frida instrumentation.
  HyperRat - A New Android RAT Sold On Cybercrime Networks
https://iverify.io/blog/hyperrat-a-new-android-rat-sold-on-cybercrime-networks
  
Discover HyperRat, an Android remote access tool being sold on cybercrime forums. Learn about its features, how it operates, and its impact on cybersecurity.
  Modding And Distributing Mobile Apps with Frida
https://pit.bearblog.dev/modding-and-distributing-mobile-apps-with-frida/
  
Walkthrough of how to embed frida scripts in apps to distribute proper mods. Supports frida 17+.
  Android backdoor hijacks Telegram accounts, gaining complete control over them
https://news.drweb.com/show/?i=15076&lng=en&c=5
  
Doctor Web has identified a dangerous backdoor, Android.Backdoor.Baohuo.1.origin (https://vms.drweb.com/virus/?i=30931101&lng=en), in maliciously modified versions of the Telegram X messenger. In addition to being able to steal…
  How 1-click iOS exploit chains work (WebKit exploitation basics)
https://youtu.be/o6mVgygo-hk
  
  A vulnerability in Google Messages for Wear OS resulted in invoking intents to send messages without permission (CVE-2025-12080) and was awarded $2,250.00 by Google
Blog: https://towerofhanoi.it/writeups/cve-2025-12080/
PoC: https://github.com/io-no/CVE-Reports/tree/main/CVE-2025-12080
  New Android Malware Herodotus Mimics Human Behaviour to Evade Detection
https://www.threatfabric.com/blogs/new-android-malware-herodotus-mimics-human-behaviour-to-evade-detection
  
ThreatFabric has uncovered Herodotus, a new mobile malware family that aims to disrupt how fraud is done and tries to act human.
  GhostGrab is a new Android malware blending crypto mining with banking credential theft.
It hijacks SMS OTPs, harvests PII, and runs a hidden Monero miner, draining battery while stealing funds.
It compromised over 30 devices, and its C&C server leaks over 2800 victim SMS messages.
https://www.cyfirma.com/research/ghostgrab-android-malware/
  [beginners] Deep dive into Android Pentesting
Covered everything from static & dynamic analysis, Frida, Drozer, SSL pinning bypass, deep links, broadcast receivers, and more
If you're into mobile security, this one's packed with real-world scenarios & tools
https://coal-memory-97b.notion.site/Android-Pentest-1f6923af30cc80bdafa4f3c581f4c5f8
  