Mobile Malware Analysis Part 2 – MasterFred
https://8ksec.io/mobile-malware-analysis-part-2-masterfred/

Android Goes All-in on Fuzzing
https://security.googleblog.com/2023/08/android-goes-all-in-on-fuzzing.html

Obfuscating Android Apps with Native Code
The presentation explores writing Android applications in purely native code to obfuscate app flow-of-control
Resources: https://github.com/LaurieWired/AndroidPurelyNative_Troopers23
Presentation: https://youtu.be/wayMcQQZV1U?si=UJ6m_6jogtzcnNBF

Trojanized Signal and Telegram apps were discovered on Google Play and Galaxy Store
Patched Signal is the first documented case of spying on a victim’s Signal communications by secretly autolinking the compromised device to attacker’s Signal device
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/

Bypassing Hardened Android Application available on the Play Store
-Root Detection Check in Native Java code and in React Native file
-Emulator Check
-Frida Running Check
-SSL Pinning Bypass
https://notsosecure.com/bypassing-hardened-android-applications

How to port custom build of Kali Nethunter to an unsupported phone (Xiaomi Poco X3 NFC) and compile custom Kernel with support for TP-LINK W722N V2/V3 (RTL8812AU drivers)
https://r0ttenbeef.github.io/Port-Custom-Build-of-Kali-Nethunter-to-an-Unsupported-Phone-Walkthrough/

Infamous Chisel: Detailed analysis of each component associated with Sandworm APT group designed to enable remote access and exfiltrate information from Android phones
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/infamous-chisel/NCSC-MAR-Infamous-Chisel.pdf

Account takeover using PIN brute-force
BillPoint app didn't use brute-force PIN protection, which allowed attacker to gain unauthorized access to any user account simply by knowing their email
https://medium.com/@hackedbyeldee/account-takeover-on-billpoint-co-mobile-app-9cc3aedd92b

Video explanation on a bug discovered in PayPal Business Android app how it was possible to steal authentication token to takeover victim account
https://youtu.be/AoSvq9v8kvY?si=shOkn5aq_mXrhlu3

Android.Pandora trojans (ancestor of Linux Mirai trojan) compromise Android devices, either during firmware updates or when applications for viewing pirated video content are installed
https://news.drweb.com/show/?i=14743&lng=en

How to spoof iOS devices with Bluetooth pairing messages using Android
https://www.mobile-hacker.com/2023/09/07/spoof-ios-devices-with-bluetooth-pairing-messages-using-android/

New 0-click exploit chain discovered targeting iOS devices delivers Pegasus Spyware
Exploit chain was capable of compromising iPhones (iOS 16.6) without any user interaction.
The device is compromised just by receiving malicious image in iMessage (CVE-2023-41064, CVE-2023-41061).
➡️ Update your iOS devices
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

Evil Telegram doppelganger attacks Chinese users
https://securelist.com/trojanized-telegram-mod-attacking-chinese-users/110482/

Useful tutorial on how to port Kali NetHunter (including custom Kernel) to unsupported "Essential Phone"
https://odysee.com/@z2rec:1/how-i-ported-kali-nethunter-to-unsupported-device:c

From ERMAC to Hook: Investigating the technical differences between two Android malware variants
https://research.nccgroup.com/2023/09/11/from-ermac-to-hook-investigating-the-technical-differences-between-two-android-malware-variants/

Android App Pin Security Issue Allows Unauthorized Payments via Google Wallet even with enabled "Require device unlock for NFC" option (CVE-2023-35671)
While in pinned mode, all other apps become temporarily inaccessible, except Google Wallet.
PoC: https://github.com/MrTiz/CVE-2023-35671

Android trojan masquerade as an Iranian online trading platform
https://news.drweb.com/show/?i=14748&lng=en

Massive Mobile Security Framework (MMSF)
A mobile open-source framework that combines functionalities from frida, objection, drozer, reflutter and more for iOS and Android app analysis
Info: https://securitycafe.ro/2023/09/18/mobile-pentesting-101-introducing-to-mmsf-massive-mobile-security-framework/
Download: https://github.com/St3v3nsS/MMSF

Brute forcing Android app's PIN using Frida to bypass bank's 2FA and get authorization token
https://www.corellium.com/blog/frida-brute-forcing-pins-mobile-pentest

In December 2022, Google discovered in-the-wild exploit chain targeting Samsung Android devices used by commercial mobile spyware vendor Variston.
It appears that n-day exploits that were fixed in Google products in 2022 (Chrome), were not fixed yet in Samsung (Samsung browser) and because of that exploited by espionage software in early exploitation stages.
Final stage, describes how attacker achieved execution as system_server (CVE-2023-0266, CVE-2023-26083)
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html

Transparent Tribe’s (APT36) Android CapraRAT Mimics YouTube to Hijack Android Phones
https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/