Spyrtacus: Italian Surveillanceware Targets Android via Telecom
https://www.secureblink.com/threat-research/spyrtacus-italian-surveillanceware-targets-android-via-telecom-phishing
SIO's Spyrtacus surveillanceware compromises Android devices via fake apps and cloned Italian telecom sites, stealing communications and media since 2018.
Analysis of Android/BankBot-YNRK Mobile Banking Trojan
https://www.cyfirma.com/research/investigation-report-android-bankbot-ynrk-mobile-banking-trojan/
Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan Executive Summary This report covers the analysis and findings related to three Android application...
Analysis of Android DeliveryRAT
https://www.f6.ru/blog/android-deliveryrat-research/
Delivery details: a study of the new version of the Android trojan DeliveryRAT - F6
F6 Threat Intelligence specialists analysed an updated version of the DeliveryRAT malware, distributed by attackers in the second half of 2025.
Exploiting CVE-2025-21479 on a Samsung S23
https://xploitbengineer.github.io/CVE-2025-21479
Motivation: A couple of years ago, I picked up a few Samsung S23s at Pwn2Own.
Frida JDWP Loader
This tool dynamically attaches Frida to any debuggable Android process over JDWP, enabling runtime instrumentation without root access.
Perfect for dynamic app analysis, quick pentesting, and bug bounty work.
https://github.com/frankheat/frida-jdwp-loader Video demo: https://x.com/androidmalware2/status/1986022672472359017
Analysis of recent Android NGate malware campaign (NFC relay) in Poland
https://cert.pl/en/posts/2025/11/analiza-ngate/
Demo: https://x.com/androidmalware2/status/1986406590866727047
CERT Polska has observed new samples of mobile malware in recent months associated with an NFC Relay (NGate) attack targeting users of Polish banks.
Android Stalkerware Detection Test
https://www.eff.org/deeplinks/2025/11/eff-teams-av-comparatives-test-android-stalkerware-detection-major-antivirus-apps
Fantasy Hub: Analysis of Russian Based Android RAT as M-a-a-S
https://zimperium.com/blog/fantasy-hub-another-russian-based-rat-as-m-a-a-s
LANDFALL: New Android commercial-grade spyware targeted Samsung Galaxy devices via a WhatsApp zero-click exploit in image parsing (CVE-2025-21042)
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
Runtime Android Object Instrumentation
https://knifecoat.com/Posts/Runtime+Android+Object+Instrumentation
Intro: This year I have been doing quite a bit of Android userland analysis. Android is a wonderful platform to work on, with great decompiler support (JEB) and easy access to rooted devices (unless you buy NA l…
The North Korean state-sponsored KONNI APT group is now using remote wipe tactics to erase Android devices through a compromised victim computer
https://www.genians.co.kr/en/blog/threat_intelligence/android
The Konni APT campaign has caused damage by remotely resetting Google Android-based devices, resulting in the unauthorized deletion of personal data.
North Korean APT actors exploited ZipperDown vulnerability in Android apps via malicious emails.
One click → overwrite app library → full control.
https://ti.qianxin.com/blog/articles/operation-south-star-en/
First-ever interview with one of Kali NetHunter developers @yesimxev is live!
We "sat down" and talked about:
His hacking journey.
Which are the best smartphones for running NetHunter.
Two newly supported devices revealed.
A sneak peek into his brand-new podcast and more.
https://www.mobile-hacker.com/2025/11/11/inside-the-mind-of-a-kali-nethunter-developer-a-deep-dive-with-yesimxev/
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail-bd3d04489088
In this article, I’ll walk you through my journey in intercepting HTTPS traffic from an APK based on Flutter during a pentesting engagement…
GPT Trade: Fake Google Play Store drops BTMob Spyware and UASecurity Miner on Android Devices
https://www.d3lab.net/gpt-trade-fake-google-play-store-drops-btmob-spyware-and-uasecurity-miner-on-android-devices/
A recently discovered Android campaign leverages a fake Google Play Store to distribute GPT Trade, a malicious dropper posing as a ChatGPT-themed trading app. Once installed, the dropper silently generates and deploys two additional malware families—BTMob…
One of the top-selling digital picture frames on Amazon between March and April 2025 comes:
-rooted by default
-runs Android 6
-SELinux security module disabled
-downloads and executes malicious payloads from China-based servers at boot
-17 security issues discovered
report: https://go.quokka.io/hubfs/App-Intel/Technical_Uhale-Digital-Picture-Frame-Security-Assessment.pdf
A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
https://github.com/sbaresearch/whatsapp-census
Sturnus: Mobile Banking Malware bypassing WhatsApp, Telegram and Signal Encryption
https://www.threatfabric.com/blogs/sturnus-banking-trojan-bypassing-whatsapp-telegram-and-signal
Sturnus is a privately operated Android banking trojan with many fraud-related capabilities, including Device Takeover and capturing decrypted messages.
The Phia app for iOS injects JavaScript and still collects almost every URL you visit with their Safari extension. Safari extensions even with Apple’s restrictions
https://gist.github.com/dweinstein/4d827f787ba65b5d0fd05cc9814883c4
phia ios app analysis (living document)
WhatsApp by the Numbers
I dived into anonymized metadata published after a #WhatsApp security issue that exposed 3.5B phone numbers
-Android rules (81%)
-iOS dominates in rich markets
-Monaco = multi-account heaven
-China is niche but enterprise-heavy
https://www.mobile-hacker.com/2025/11/20/whatsapp-by-the-numbers-what-anonymized-metadata-from-a-security-flaw-reveals/
WhatsApp by the Numbers: What Anonymized Metadata from a Security Flaw Reveals
The dataset originates from metadata published in connection with a security study titled “Trivial WhatsApp Security Issue Exposed 3.5 Billion Phone Numbers.” That research demonstrated how a simple flaw could reveal phone numbers globally.