Anubis downloader found on Google Play with 1,000+ installs.
Info: https://twitter.com/0xabc0/status/1137988063244763136?s=19 via @0xabc0

Overview of 4 techniques used by Android malware to detect name of launched app.
+ how developers can protect their apps against one of these technique.
https://eybisi.run/Mobile-Malware-Analysis-Overlay-and-How-to-Counter-it/

How to get payload of obfuscated Gustuff malware using Frida & Strace
http://skptr.me/dealing_with_obfuscated_malware_like_gustuff.html

PhoneSploit - ADB tools in one place + additional features
https://github.com/Zucccs/PhoneSploit/blob/master/README.md

Trojan downloader found on Google Play by @Maler360

-once launched, hides itself icon
-downloads additional app over HTTP
-makes user install it
-second app can then download additional apps & make user install them as "Update Alert" + display ads
-100,000+ installs
-reported

Video demo: https://twitter.com/LukasStefanko/status/1138764352411131905

iOS Kernel Fuzzing - Finding Bugs/Vulnerabilities in iOS via IOKit Fuzzing https://youtu.be/Psm_mCJXH-8

Yaazhini - Free Android APK & API Vulnerability Scanner https://www.vegabird.com/yaazhini/

Android app - La Liga - spied on football fans

According to reports, audio recorded through the Android smartphone’s microphone was combined with GPS location data in an attempt to determine if bars and restaurants were airing live matches without a license.
https://hotforsecurity.bitdefender.com/blog/la-liga-fined-e250000-after-android-app-spied-on-football-fans-21332.html

Four more apps with 220,000+ installs were lately available on Google Play with the functionality to download and make victim install additional apps + display unwanted ads.

This one is still there, found by @m0br3v

6 MUST HAVE TOOLS FOR YOUR IOS PENTESTING TOOLKIT
https://payatu.com/6-must-tools-ios-pentesting-toolkit/

Methodology for penetration testing and security assessment.
https://github.com/aungthurhahein/Red-Team-Curation-List/blob/master/README.md

Operation Android : Android Pentesting is out.
https://www.peerlyst.com/posts/operation-android-android-pentesting-is-out-benedict-charles

Apps on Google Play pushed fraudulent notifications through browser
https://news.drweb.com/show/?i=13313&lng=en

Solution to Access iOS and High-End Android Devices

Bypass or determine locks and perform a full file system extraction on any iOS device and on many high-end Android devices.
https://www.cellebrite.com/en/ufed-premium/

Mobile Stalkware industry research - a predator in your pocket
https://citizenlab.ca/docs/stalkerware-holistic.pdf

New technique to bypass SMS permission restriction on Google Play to obtain 2FA & OTP codes.
It intercepts SMS notifications.
Discovered fake cryptocurrency exchanges with such functionality on Play Store.
https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-bypass/

Samsung advice their users to scan their TVs for malware.
https://twitter.com/SamsungSupport/status/1140409768743452672

Running iOS in QEMU to an interactive bash shell (1): tutorial
https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/

Apparently it's still working
http://imgur.com/a/tKarLNp

Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East

Over 660 Android victims infected via malicious webs promoted on social media. Main goal was espionage.
https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/

QR code app on Google Play with over 1,000,000 installs requests $100 trial payment
https://www.androidpolice.com/2019/06/18/qr-code-app-on-play-store-ripping-people-off-for-100-through-shady-trial-scheme/