Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
CVE-2023-21433 is an improper access control that allows attackers to install any applications available on the Galaxy App Store.
CVE-2023-21434 is an improper input validation that lets attackers execute JavaScript on the target device.
https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/

Three Android Coper Banking Trojans Discovered On Google Play
https://twitter.com/Threatlabz/status/1617579712062324737

CVE-2022-42864: Diabolical Cookies
Proof-of-concept exploit for CVE-2022-42864, a time-of-check-time-of-use vulnerability in IOHIDFamily that was fixed in iOS 16.2 / macOS Ventura 13.1.
https://github.com/Muirey03/CVE-2022-42864

Pwning the all Google phone with a non-Google bug (CVE-2022-38181)
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/

kavanoz - a tool that statically unpacks common Android banker malware
https://github.com/eybisi/kavanoz

Gigabud RAT: New Android RAT Masquerading as Government Agencies
https://blog.cyble.com/2023/01/19/gigabud-rat-new-android-rat-masquerading-as-government-agencies/

FluBot - Android Malware Analysis
https://malwareanalysis.co/wp-content/uploads/2023/01/FluBot-Android-Malware-Analysis.pdf
C2 Communication: https://youtu.be/ttZ48hu6xjQ

Fraudulent “CryptoRom” trading apps sneak into Apple and Google app stores
https://news.sophos.com/en-us/2023/02/01/fraudulent-cryptorom-trading-apps-sneak-into-apple-and-google-app-stores/

‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide
https://blog.cyble.com/2023/01/31/inthebox-web-injects-targeting-android-banking-applications-worldwide/

Analysis of HOOKBOT – a new mobile malware
https://cebrf.knf.gov.pl/komunikaty/artykuly-csirt-knf/362-ostrzezenia/858-hookbot-a-new-mobile-malware

Reversing UK mobile rail tickets
https://eta.st/2023/01/31/rail-tickets.html

PixPirate: a new Brazilian Banking Trojan
https://www.cleafy.com/cleafy-labs/pixpirate-a-new-brazilian-banking-trojan

TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users
https://www.trendmicro.com/en_us/research/23/b/tgtoxic-malware-targets-southeast-asia-android-users.html

A three day video course on Android Malware Analysis:
Day 1: http://youtube.com/watch?v=CwCOGf4Uunk
Day 2: http://youtube.com/watch?v=yZe8tGzm8nA
Day 3: http://youtube.com/watch?v=JdBu9yEu8g4

Testing MEDUSA Android dynamic instrumentation Tool for Android pentesting & malware analysis
https://youtu.be/4hpjRuNJNDw

Android OS Privacy Under the Loupe
We use a combination of static and dynamic code analysis techniques to study the data transmitted by the preinstalled system apps on Android smartphones from three of the most popular vendors in China.
https://arxiv.org/abs/2302.01890

Money Lover App Vulnerability Exposed Personal Info
The exposed data included email addresses, wallet names, and limited transaction data.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/money-lover-app-vulnerability-exposes-personal-info/

Technical analysis of Godfather android malware
https://muha2xmad.github.io/malware-analysis/godfather/

Android Pentest 101
A list of Android Security materials and resources for pentesters and bug hunters
https://github.com/dn0m1n8tor/AndroidPentest101

Indian social media app Slick exposed childrens’ user data
https://techcrunch.com/2023/02/10/slick-social-media-app-data-exposed

Telegram: How a messenger turned into a cybercrime ecosystem by 2023
https://ke-la.com/wp-content/uploads/2023/02/KELA_Telegram_CEBIN.pdf