Doctor Web’s overview of virus activity on mobile devices in 2021
https://news.drweb.com/show/review/?i=14395&lng=en

Dark Herring - Financially Motivated Mobile Scamware Exceeds 100M Installations
https://blog.zimperium.com/dark-herring-android-scamware-exceeds-100m-installations/

TianySpy - new mobile malware infection chain targeting both Android and iPhone device
https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html

IOMobileFrameBuffer vulnerability in iPhone 6s and later (until iOS 15.3) has been actively exploited (CVE-2022-22587)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited
https://support.apple.com/en-us/HT213053

New FluBot and TeaBot Global Malware Campaigns Discovered
https://www.bitdefender.com/blog/labs/new-flubot-and-teabot-global-malware-campaigns-discovered

Facestealer – The Rise of Facebook Credential Stealer Malware
https://labs.k7computing.com/index.php/facestealer-the-rise-of-facebook-credential-stealer-malware/

Malicious app on Google Play drops banking malware on users’ devices
https://blog.pradeo.com/vultur-malware-dropper-google-play

How Android updates work: A peek behind the curtains from an insider
https://medium.com/@Za_Raczke/how-android-updates-work-a-peek-behind-the-curtains-from-an-insider-1d8e1a48ec0b

How to bypass root detection and SSL pinning on Android and iOS using Frida and Objection
https://securitycafe.ro/2022/02/01/root-detection-and-ssl-pinning-bypass/

A Primer On Android Forensics
https://nex.sx/tech/2022/01/28/a-primer-on-android-forensics.html

Abusing Facebooks Call To Action to launch internal deeplinks
https://www.ash-king.co.uk/blog/abusing-Facebooks-call-to-action-to-launch-internal-deeplinks

Diving Deeper in Android System Diagnostics and Remote Forensics
https://nex.sx/tech/2022/02/04/diving-deeper-in-android-system-diagnostics.html

How to build a Cellphone IMSI Catcher (Stingray)
https://www.hackers-arise.com/post/software-defined-radio-part-6-building-a-imsi-catcher-stingray

FluBot and Medusa Android banking Trojans attack banks side-by-side via SMiShing
https://www.threatfabric.com/blogs/partners-in-crime-medusa-cabassous.html#medusa-turkish-delight-with-dangerous-filling

Malicious campaign Roaming Mantis (Wroba.o, Moqhao, XLoader) reaches Europe via SMiShing targeting Android and iOS
https://securelist.com/roaming-mantis-reaches-europe/105596/

Zero-Click RCE Exploit for the Peloton Bike (And Also Every Other Unpatched Android Device)
https://www.nowsecure.com/blog/2022/02/09/a-zero-click-rce-exploit-for-the-peloton-bike-and-also-every-other-unpatched-android-device/

SIM Hijacking
https://sensepost.com/blog/2022/sim-hijacking/

Google awarded $8.7 million to 696 security researchers in 2021

Highest reward - $157,000 by discovering critical exploitation chain in Android (CVE-2021-39698)

- $3 million went to Android vulnerabilities
- $3.3 million went to Chrome browser bugs
- $0.5 million went to Google Play Store vulnerabilities
- $0.313 million went to Google Cloud bugs.
https://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html

apkingo - get detailed information about apk files

I retrieves: package name, target SDK, permissions, metadata, certificate serial and issuer, info from Google Play Store and detect if it is malicious using Koodous
https://github.com/andpalmier/apkingo

How to Bypass Jailbreak Detection On iOS Apps & Games (iOS 11 - iOS 14)
https://idevicecentral.com/jailbreak-guide/how-to-bypass-jailbreak-detection-on-ios-applications-and-games-ios-11-ios-14/

WiFi Zero Click RCE Trigger PoC CVE-2021-1965
https://github.com/parsdefense/CVE-2021-1965