# Summary
While testing Adobe Acrobat reader app , the app has a feature which allows user to open pdfs directly from http/https url. This feature was vulnerable to path traversal vulnerability.
Abode reader was also using Google play core library for dynamic…

This article explains how to unpack sample sha256 5b9049c392eaf83b12b98419f14ece1b00042592b003a17e4e6f0fb466281368 which was served from…

In the previous article, we discussed the packing mechanism of a Bian Lian sample, and how to unpack. This article reverse engineers the…

AERoot is a command line tool that allows you to give root privileges on-the-fly to any process running on the Android emulator with Google Play flavors AVDs. - quarkslab/AERoot

The mobile banking malware BRATA keeps evolving. Read here the new Technical Report, which explains in detail how it monitors banks account and how to prevent it.

Human-friendly cross-platform system call tracing and hooking library based on Frida's Stalker - FrenchYeti/interruptor

Find out on Doctor Web’s site about the latest virus threats and information security issues.

Research by Aazim Bill SE Yaswant and Nipun Gupta While some financially motivated scams may seem simple on the surface, the truth of the matter is that

Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The malware might have been designed to steal credentials associated with membership websites of major Japanese telecommunication services.

This document describes the security content of iOS 15.3 and iPadOS 15.3.

Some malware and phishing campaigns have short lives, tending to dissipate after
they're identified by security solutions.

Threat actors are constantly employing new tricks while also maintaining their old tried-and-tested tactics. One such evergreen tactic, is to deploy […]

Pradeo’s researchers discovered a malicious mobile application called 2FA Authenticator distributed on Google Play and installed by 10K+ users.

Updates on Android were always a topic of discussion in the tech communities. Even though they are a crazily complicated topic and very few…

There are multiple methods to circumvent the client-side security that blocks the usage of the tested application in an unsafe environment such as Rooted or Jailbroken devices. Next, I will give yo…

A lot has already been said on iOS forensics for the purpose of discovering traces of compromise and spyware execution. And although a lot more is left to ex...

Ever noticed that big blue button on the top of every Facebook page? This feature, known as Call to action or CTA is designed for user engagement and allows a page to redirect their visitors to a website, an app, inbox etc. I found it was possible for a page…

Following up from last week’s Primer on Android Forensics, today we are going to dive a little deeper into Android system diagnostics, have a look at some ne...