StrongPity espionage campaign targeting Android users
https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/

Bypassing Frida detection in Android
https://www.youtube.com/watch?v=M0ETKs6DZn8

Bypass of two-factor authentication in TikTok Android app
https://hackerone.com/reports/1747978

Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app
https://github.com/michalbednarski/LeakValue

Dissecting an Android stalkerware
https://andpalmier.com/posts/stalkerware-analysis/

Explanation of various web injection techniques used by Android banking malware such as JavaScript injection, Overlay Attack and Cookie Stealing Attack
https://securityintelligence.com/posts/view-into-webview-attacks-android/

Apple DER Ennoscriptments: The (Brief) Return of the Psychic Paper (CVE-2022-42855)
https://googleprojectzero.blogspot.com/2023/01/der-ennoscriptments-brief-return-of.html

Android TV box from Amazon has pre-installed malware (T95 Android TV box Malware Analysis)
https://github.com/DesktopECHO/T95-H616-Malware

How to instrument system applications on Android stock images
https://blog.talosintelligence.com/how-to-instrument-system-applications-on-android-stock-images/

Analysis of a Secure Messenger Threema revealed six possible attack scenarios
https://breakingthe3ma.app/
Threema statement: https://threema.ch/en/blog/posts/news-alleged-weaknesses-statement

Uncovering Iran’s Mobile Legal Intercept System
https://citizenlab.ca/2023/01/uncovering-irans-mobile-legal-intercept-system/

Damn Vulnerable iOS App v2.
Learn about 15+ different security issues by hacking the app to learn
https://github.com/prateek147/DVIA-v2

Android Botnet Hook: a new Ermac fork with RAT capabilities
https://www.threatfabric.com/blogs/hook-a-new-ermac-fork-with-rat-capabilities.html

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

Android malicious app gets IP of router gateway, identifies the router manufacturer, tries default credentials and changes DNS settings. Malware uses this technique to every free/public Wi-Fi networks such as cafes, bars, hotels, airports etc. so anyone connecting in these places might become a victim.
https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/

Android Exploit to get a System based shell (UID 1000) on ANY Samsung Mobile Device based on CVE-2019-16253

1) Downgrade to vulnerable SamsungTTS app
2) Install exploit APK
3) Exploit vulnerability to achieve System rights
https://forum.xda-developers.com/t/system-shell-exploit-all-samsung-mobile-devices-no-bl-unlock-required.4543071/

VASTFLUX - sophisticated ad fraud operation takendown.
More than 1,700 apps and 120 publishers were spoofed, and the scheme ran inside apps on nearly 11 million devices.
https://www.humansecurity.com/learn/blog/traffic-signals-the-vastflux-takedown

Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
CVE-2023-21433 is an improper access control that allows attackers to install any applications available on the Galaxy App Store.
CVE-2023-21434 is an improper input validation that lets attackers execute JavaScript on the target device.
https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/

Three Android Coper Banking Trojans Discovered On Google Play
https://twitter.com/Threatlabz/status/1617579712062324737

CVE-2022-42864: Diabolical Cookies
Proof-of-concept exploit for CVE-2022-42864, a time-of-check-time-of-use vulnerability in IOHIDFamily that was fixed in iOS 16.2 / macOS Ventura 13.1.
https://github.com/Muirey03/CVE-2022-42864

Pwning the all Google phone with a non-Google bug (CVE-2022-38181)
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/

kavanoz - a tool that statically unpacks common Android banker malware
https://github.com/eybisi/kavanoz