New Trojans on Google Play that secretly subscribe users to paid services - we called this family Harly. Similar to Joker and dates back to 2020, the current campaign is targeting users in Thailand.
https://t.co/fSKyY62FKD
https://t.co/mHfFJ6aavy

Authored by SangRyol Ryu and Yukihiro Okutomi  McAfee’s Mobile Research team recently analyzed new malware targeting mobile payment users in Japan. The

“What can you do with deep links?” I welcome you to the first installment of the deep links crash course series…

In this post, we will take a closer look at different types of deep links.

Short videos on reverse engineering mobile operating systems, applications, and firmware. Only real-world examples with free tools :)

بسم الله الرحمن الرحيم

Note: As of 2022/10/25 the information in this series is slightly outdated. See Part 5 for more up to date information.
The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wireless…

A fake mobile banking rewards app delivered through a link in an SMS campaign has been making the rounds, targeting customers of Indian banking institutions. Users who install the mobile app are unknowingly installing an Android malware with remote access…

بسم الله الرحمن الرحيم

This second blog post deals with native code obfuscation and RASP syscall interception

It was identified that the android **com.basecamp.bc3 application**, contains a Webview where the loaded URLs are not sanitised properly. As this webview's functionality is extended via javanoscript...

WhatsApp Security Advisories 2022 - List of security fixes for WhatsApp products

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics. - tanprathan/MobileApp-Pentest-Chea...

Tracing and backtracing works quite different on Android when compared to iOS. We'll take a look into how to list all Java classes with Frida, how to trace then, and how to generate a Java backtrace from inside the JVM. With an Android Studio virtual phone…

HUMAN's Satori Threat Intelligence and Research Team uncovered a network of 89 Android and iOS apps committing various flavors of ad fraud.

Highlights: Check Point Research (CPR) examines a long running mobile surveillance campaign, targeting the largest minority in China- the Uyghurs. The

بسم الله الرحمن الرحيم

A slew of apps containing the Harly Trojan subscriber have been found on Google Play, adding up to more than 4.8 million downloads. We explain why these apps are dangerous.