BrutePrint: Android phones are vulnerable to fingerprint brute-force attacks
https://arxiv.org/pdf/2305.10791.pdf

Emulating Android native library to decrypt strings using Qiling Framework
https://youtu.be/R1zWh3fbY24

AhRat: Android RAT discovered on Google Play Store based on AhMyth RAT that exfiltrates files and records audio
https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/

Google introduced Mobile VRP: Mobile Vulnerability Rewards Program (Mobile VRP) focuses on first-party Android applications developed or maintained by Google
https://bughunters.google.com/about/rules/6618732618186752/google-mobile-vulnerability-reward-program-rules

A technical analysis of Intellexa's PREDATOR mobile spyware
https://blog.talosintelligence.com/mercenary-intellexa-predator/

“FleeceGPT” mobile apps target AI-curious to rake in cash
https://news-sophos-com.cdn.ampproject.org/c/s/news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/

Daam (BouldSpy) Android Botnet recommendations from India CERT
https://www.csk.gov.in/alerts/Daam_android_botnet.html

Flipper zero can root Xiaomi vaccum robot using usb uart app
https://www.reddit.com/r/flipperzero/comments/13sabij/flipper_zero_can_be_used_for_xiaomi_vaccum_robot/
Tutorial: https://builder.dontvacuum.me/dreame/

Permhash: The permhash framework can be used to identify previously unknown APK, CRX, AXML samples through pivoting and clustering
Tool: https://github.com/google/permhash
Research: https://www.mandiant.com/resources/blog/permhash-no-curls-necessary

Android apps containing spyware SpinOk module was discovered in 101 apps on Google Play Store with alltogether 421,000,000+ install
It can exfiltrate:
- list of files in specified directories,
- verify the presence of a specified file or a directory on the device,
- file from the device, and
- copy or substitute the clipboard contents
https://news.drweb.com/show/?lng=en&i=14705

Android DogeRAT: Technical analysis of open-source Android Remote Access Trojan (RAT)
https://cloudsek.com/blog/dogerat-the-android-malware-campaign-targeting-users-across-multiple-industries

Crash WhatsApp using one message
Video demo how it is possible to crash group chat using one message. If you open the chat, WhatsApp will always crash.
✅️To temporarily fix the issue, you have to remove the crash message using WhatsApp web
https://www.instagram.com/reel/Cs3iGe3ORuw/?igshid=MzRlODBiNWFlZA==

Beautifying Native Android Code in Ghidra!
We partially native APK, extract the native binaries, and analyze the native ELF binary
https://youtu.be/sK_jsQ5bJUk

Operation Triangulation: iOS devices targeted with previously unknown malware
This malware compromised several Kaspersky employees: The target iOS device receives a message via the iMessage service, with an attachment containing an exploit. Without any user interaction, the message triggers a vulnerability that leads to code execution.
https://securelist.com/operation-triangulation/109842/

CVE-2023-20963: 0-day in Android's Parcel serialization/deserialization which was used in-the-wild by the Pinduoduo app
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-20963.html

Binder Trace: Tool for intercepting and parsing Android Binder messages Think of it as "Wireshark for Binder"
https://github.com/foundryzero/binder-trace

iOS Deep Link attacks Part 2 – Exploitation
https://8ksec.io/ios-deep-link-attacks-part-2-exploitation-8ksec-blogs/

An active Android campaign pushes adware to Android devices with the purpose of driving revenue
https://www.bitdefender.com/blog/labs/tens-of-thousands-of-compromised-android-apps-found-by-bitdefender-anomaly-detection-technology/

iOS pentesting 101
How to setup iOS environment
https://securitycafe.ro/2023/06/12/mobile-pentesting-101-how-to-set-up-your-ios-environment/

Cloud Mining Scam Distributes Roamer Android Banking Trojan
https://blog.cyble.com/2023/06/14/cloud-mining-scam-distributes-roamer-banking-trojan/