A Large-scale Temporal Measurement of Android Malicious Apps: Persistence, Migration, and Lessons Learned
https://www.usenix.org/conference/usenixsecurity22/presentation/shen

When Wireless Malware Stays On After Turning Off iPhones
demo: https://youtu.be/KrqTHd5oqVw
paper: https://arxiv.org/pdf/2205.06114.pdf

Vulnerability in Huawei's AppGallery can download paid apps for free
https://evowizz.dev/blog/huawei-appgallery-vulnerability

Comparing root detection on banking apps with latest version of Magisk
https://markuta.com/magisk-root-detection-banking-apps/

Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks
https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/

Protecting Android users from 0-Day attacks

Denoscription of 3 campaigns delivered one-time links mimicking URL shortener services to the targeted Android users via email. Once clicked, the link redirected the target to an attacker-owned domain that delivered the exploits before redirecting the browser to a legitimate website.

Compromise flow:
website redirect -> deliver browser exploit -> load ALIEN malware -> load PREDATOR payload
https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/

Android security checklist: theft of arbitrary files
https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/

Weaponizing dirtypipe vulnerability on Android
https://docs.google.com/presentation/d/1Tq00gy1GtiK0OvNYOy_kCz0er9ZECBXGoy5Lfy5MD3M/mobilepresent#slide=id.p

Anti-Frida - Techniques to Detect Frida
https://github.com/apkunpacker/Anti-Frida

New version of Android banking trojan ERMAC 2.0 is available on the underground market and already has an active campaign https://blog.cyble.com/2022/05/25/ermac-back-in-action/

Notification implicit PendingIntent in Android NextCloud app allows to access contacts (CVE-2022-24886) https://hackerone.com/reports/1161401

Mobile threat evolution in Q1 2022 by Kaspersky
https://securelist.com/it-threat-evolution-in-q1-2022-mobile-statistics/106589/

GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
The core idea is to take advantage of the electromagnetic signals to inject fake touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai

Android apps with millions of downloads exposed to high-severity vulnerabilities
http://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/

The Bridge between Web Applications and Mobile Platforms is Still Broken
https://minimalblue.com/data/papers/SECWEB22_broken_bridge.pdf

Sophisticated RAT spying on Mobile Devices
https://blog.cyble.com/2022/05/26/new-malware-campaign-delivers-android-rat/

IoT malware EnemyBot: In case an Android device is connected through USB, or Android emulator running on the machine, EnemyBot will try to infect it by executing shell command
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers

A Deep Dive into iOS Code Signing
https://blog.umangis.me/a-deep-dive-into-ios-code-signing/

2022 mobile threat landscape update
https://www.threatfabric.com/blogs/h1-2022-mobile-threat-landscape.html

Pending Intents: A Pentester’s view
https://valsamaras.medium.com/pending-intents-a-pentesters-view-92f305960f03

Takedown of SMS-based FluBot spyware infecting Android phones
https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-sms-based-flubot-spyware-infecting-android-phones