The Android malware-as-a-service (MaaS) ecosystem continues to evolve with increasingly sophisticated threats designed to evade security measures while maintaining operational simplicity for would-be attackers.

On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for…

Pi‑hole is a network‑level ad and tracker blocker. Instead of installing ad‑blockers on each device, Pi‑hole runs as your DNS server, intercepting domain lookups and returning a null/blocked response for domains on curated blocklists.

CRIL uncovers RelayNFC, a malware leveraging Near-Field Communication (NFC) to intercept and relay contactless payment data.

A complete walkthrough of the 8ksec "FridaInTheMiddle" challenge: bypassing Frida detection, hooking Swift functions, and intercepting arguments on a jailbroken iPhone.

Hunting potential C2 commands in Android malware via Smali string comparison and control flow

Presented at the VB2025 conference in Berlin, 24 - 26 September 2025.
↓ Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2025/slides/Slides-Hunting…

An in-depth Bug Bounty guide to performing reconnaissance on Android apps – from extracting APKs to mapping endpoints, secrets and vulnerable components.

Here we go again! Today we will be talking about SSL Pinning Bypass in Android. Due the recent cybersecurity congress that I have assisted...

Joseph Jarnecki outlines the highest priority cyberthreats against consumer mobile devices and considers potential strategies to mitigate and address the threat.

Albiriox is a newly identified Android malware family offered as a Malware-as-a-Service, and enabling TAs to perform On-Device Fraud through remote control, screen manipulation, and real-time interaction with the infected device. Read more in this report.

Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store - majd/ipatool

It’s a tiny hacking implant hidden inside a cable. Plug it into a computer, and it pretends to be a keyboard. Then it starts typing — fast. We’re talking up to 1,000 keystrokes per minute, all automated.

A journey of learning C and reverse engineering to be more efficiently lazy

Complete Android application security testing guide: Static & dynamic testing, root detection bypass, SSL pinning, and common vuln…

A deep dive into GoldFactory’s evolving mobile fraud campaigns across APAC, including modified banking apps, new malware variants such as Gigaflower, shared criminal infrastructure, and insights from the Group-IB Fraud Matrix, with recommendations for organizations…

EXECUTIVE SUMMARY At Cyfirma, we are committed to providing up-to-date insights into current threats and the tactics used by malicious...

true