Account takeover in Android app via JavaScript bridge
A misconfigured addJavascriptInterface + flawed domain validation + javascript:// trick enabled full cookie exfiltration via WebView.
Exploit chain: JSB dispatcher → file access handler → bypass via newline injection.
Payload:
Delivered via deeplink.
Executed JSB call to toBase64.
Read Cookies file from app sandbox.
Exfiltrated session data via callback.
https://tuxplorer.com/posts/account-takeover-via-jsb/
Forwarded from The Bug Bounty Hunter
Practical Android Pentesting: A Case Study on TikTok RCE
https://dphoeniixx.medium.com/practical-android-pentesting-a-case-study-on-tiktok-rce-4a82e79cc7c6
Medium
From Universal XSS to native library hijacking: A comprehensive guide to Android exploitation using WebViews, Intent abuse, and Zip Slip.
Patching Android ARM64 library initializers for easy Frida instrumentation and debugging
https://blog.nviso.eu/2025/10/14/patching-android-arm64-library-initializers-for-easy-frida-instrumentation-and-debugging/
NVISO Labs
Patching Android ARM64 libraries for Frida instrumentation
Discover techniques for Android ARM64 library patching and Frida instrumentation.
HyperRat - A New Android RAT Sold On Cybercrime Networks
https://iverify.io/blog/hyperrat-a-new-android-rat-sold-on-cybercrime-networks
iverify.io
Discover HyperRat, an Android remote access tool being sold on cybercrime forums. Learn about its features, how it operates, and its impact on cybersecurity.
Modding And Distributing Mobile Apps with Frida
https://pit.bearblog.dev/modding-and-distributing-mobile-apps-with-frida/
Pit's Proof Of Concept
Walkthrough of how to embed frida scripts in apps to distribute proper mods. Supports frida 17+.
Android backdoor hijacks Telegram accounts, gaining complete control over them
https://news.drweb.com/show/?i=15076&lng=en&c=5
How 1-click iOS exploit chains work (WebKit exploitation basics)
https://youtu.be/o6mVgygo-hk
YouTube
How 1-Click Can Hack your iPhone (WebKit Exploitation Explained)
Vulnerability in Google Messages for Wear OS resulted in invoking intents to send messages without permission (CVE-2025-12080) and was awarded $2,250.00 by Google
Blog: https://towerofhanoi.it/writeups/cve-2025-12080/
PoC: https://github.com/io-no/CVE-Reports/tree/main/CVE-2025-12080
New Android Malware Herodotus Mimics Human Behaviour to Evade Detection
https://www.threatfabric.com/blogs/new-android-malware-herodotus-mimics-human-behaviour-to-evade-detection
ThreatFabric
ThreatFabric has uncovered Herodotus, a new mobile malware family that aims to disrupt how fraud is done and tries to act human.
GhostGrab is a new Android malware blending crypto mining with banking credential theft.
It hijacks SMS OTPs, harvests PII, and runs a hidden Monero miner - draining battery while stealing funds.
It compromised over 30 devices, and its C&C server leaks over 2800 victim SMS
https://www.cyfirma.com/research/ghostgrab-android-malware/
[beginners] Deep dive into Android Pentesting
Covered everything from static & dynamic analysis, Frida, Drozer, SSL pinning bypass, deep links, broadcast receivers, and more
If you're into mobile security, this one's packed with real-world scenarios & tools
https://coal-memory-97b.notion.site/Android-Pentest-1f6923af30cc80bdafa4f3c581f4c5f8
The Rise of NFC Relay Malware on Mobile Devices
Cybercriminals are spreading NFC relay malware that tricks you into placing your card against your phone's NFC chip. Once you do, the malware silently captures and relays your card data to fraudsters, who can use it for unauthorized payments or ATM withdrawals.
Reports show these scams are growing fast across the globe, with hundreds of malicious apps already detected.
https://zimperium.com/blog/tap-and-steal-the-rise-of-nfc-relay-malware-on-mobile-devices
Spyrtacus: Italian Surveillanceware Targets Android via Telecom
https://www.secureblink.com/threat-research/spyrtacus-italian-surveillanceware-targets-android-via-telecom-phishing
Secureblink
Analysis of Android/BankBot-YNRK Mobile Banking Trojan
https://www.cyfirma.com/research/investigation-report-android-bankbot-ynrk-mobile-banking-trojan/
CYFIRMA
Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan - CYFIRMA
Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan Executive Summary This report covers the analysis and findings related to three Android application...
Analysis of Android DeliveryRAT
https://www.f6.ru/blog/android-deliveryrat-research/
Exploiting CVE-2025-21479 on a Samsung S23
https://xploitbengineer.github.io/CVE-2025-21479
XploitBengineer
Motivation A couple of years ago, I picked up a few of Samsung S23's at Pwn2Own.
Frida JDWP Loader
This tool dynamically attaches Frida to any debuggable Android process over JDWP, enabling runtime instrumentation without root access.
Perfect for dynamic app analysis, quick pentesting, bug bounty
https://github.com/frankheat/frida-jdwp-loader
Video demo: https://x.com/androidmalware2/status/1986022672472359017
Analysis of recent Android NGate malware campaign (NFC relay) in Poland
https://cert.pl/en/posts/2025/11/analiza-ngate/
Demo: https://x.com/androidmalware2/status/1986406590866727047
cert.pl
Analysis of NGate malware campaign (NFC relay)
CERT Polska has observed new samples of mobile malware in recent months associated with an NFC Relay (NGate) attack targeting users of Polish banks.
Android Stalkerware Detection Test
https://www.eff.org/deeplinks/2025/11/eff-teams-av-comparatives-test-android-stalkerware-detection-major-antivirus-apps
Fantasy Hub: Analysis of Russian Based Android RAT as M-a-a-S
https://zimperium.com/blog/fantasy-hub-another-russian-based-rat-as-m-a-a-s
Zimperium
Fantasy Hub: Another Russian Based RAT as M-a-a-S