Android TV box from Amazon has pre-installed malware (T95 Android TV box Malware Analysis)
https://github.com/DesktopECHO/T95-H616-Malware

How to instrument system applications on Android stock images
https://blog.talosintelligence.com/how-to-instrument-system-applications-on-android-stock-images/

Analysis of a Secure Messenger Threema revealed six possible attack scenarios
https://breakingthe3ma.app/
Threema statement: https://threema.ch/en/blog/posts/news-alleged-weaknesses-statement

Uncovering Iran’s Mobile Legal Intercept System
https://citizenlab.ca/2023/01/uncovering-irans-mobile-legal-intercept-system/

Damn Vulnerable iOS App v2.
Learn about 15+ different security issues by hacking the app to learn
https://github.com/prateek147/DVIA-v2

Android Botnet Hook: a new Ermac fork with RAT capabilities
https://www.threatfabric.com/blogs/hook-a-new-ermac-fork-with-rat-capabilities.html

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

Android malicious app gets IP of router gateway, identifies the router manufacturer, tries default credentials and changes DNS settings. Malware uses this technique to every free/public Wi-Fi networks such as cafes, bars, hotels, airports etc. so anyone connecting in these places might become a victim.
https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/

Android Exploit to get a System based shell (UID 1000) on ANY Samsung Mobile Device based on CVE-2019-16253

1) Downgrade to vulnerable SamsungTTS app
2) Install exploit APK
3) Exploit vulnerability to achieve System rights
https://forum.xda-developers.com/t/system-shell-exploit-all-samsung-mobile-devices-no-bl-unlock-required.4543071/

VASTFLUX - sophisticated ad fraud operation takendown.
More than 1,700 apps and 120 publishers were spoofed, and the scheme ran inside apps on nearly 11 million devices.
https://www.humansecurity.com/learn/blog/traffic-signals-the-vastflux-takedown

Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
CVE-2023-21433 is an improper access control that allows attackers to install any applications available on the Galaxy App Store.
CVE-2023-21434 is an improper input validation that lets attackers execute JavaScript on the target device.
https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/

Three Android Coper Banking Trojans Discovered On Google Play
https://twitter.com/Threatlabz/status/1617579712062324737

CVE-2022-42864: Diabolical Cookies
Proof-of-concept exploit for CVE-2022-42864, a time-of-check-time-of-use vulnerability in IOHIDFamily that was fixed in iOS 16.2 / macOS Ventura 13.1.
https://github.com/Muirey03/CVE-2022-42864

Pwning the all Google phone with a non-Google bug (CVE-2022-38181)
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/

kavanoz - a tool that statically unpacks common Android banker malware
https://github.com/eybisi/kavanoz

Gigabud RAT: New Android RAT Masquerading as Government Agencies
https://blog.cyble.com/2023/01/19/gigabud-rat-new-android-rat-masquerading-as-government-agencies/

FluBot - Android Malware Analysis
https://malwareanalysis.co/wp-content/uploads/2023/01/FluBot-Android-Malware-Analysis.pdf
C2 Communication: https://youtu.be/ttZ48hu6xjQ

Fraudulent “CryptoRom” trading apps sneak into Apple and Google app stores
https://news.sophos.com/en-us/2023/02/01/fraudulent-cryptorom-trading-apps-sneak-into-apple-and-google-app-stores/

‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide
https://blog.cyble.com/2023/01/31/inthebox-web-injects-targeting-android-banking-applications-worldwide/

Analysis of HOOKBOT – a new mobile malware
https://cebrf.knf.gov.pl/komunikaty/artykuly-csirt-knf/362-ostrzezenia/858-hookbot-a-new-mobile-malware

Reversing UK mobile rail tickets
https://eta.st/2023/01/31/rail-tickets.html

PixPirate: a new Brazilian Banking Trojan
https://www.cleafy.com/cleafy-labs/pixpirate-a-new-brazilian-banking-trojan