Android banking trojan Zanubis, first appeared around August 2022, targeting financial institution and cryptocurrency exchange users in Peru
Zanubis’s main infection path is through impersonating legitimate Peruvian Android applications and then tricking the user into enabling the Accessibility permissions in order to take full control of the device
https://securelist.com/crimeware-report-asmcrypt-loader-lumma-stealer-zanubis-banker/110512/

Analysis of LightSpy mAPT Mobile Payment System Attack attributed to APT-41 group
https://www.threatfabric.com/blogs/lightspy-mapt-mobile-payment-system-attack

BADBOX: a firmware backdoored trojan found in 74,000 Chinese Android phones, tablets, and TV boxes in 227 counties and territories
There are confirmed 8 devices with backdoors installed — seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W.
BADBOX functionality:
-Ad Fraud,
-Uses backdoored devices as proxy,
-Create fake accounts,
-Downloads and runs additional modules.
Report: https://www.humansecurity.com/hubfs/HUMAN_Report_BADBOX-and-PEACHPIT.pdf

NetHunter Hacker IX: How to use MANA Toolkit to create Wi-Fi rogue access point and intercept HTTP traffic
https://www.mobile-hacker.com/2023/10/05/nethunter-hacker-ix-use-mana-toolkit-to-create-wi-fi-rogue-access-point-and-intercept-traffic/

Trigger iOS proximity paring messages from over 50 meters using Android phone
The update of the blog explains how to boost transmitted signal from Android nRF Connect app, demonstrates running AppleJuice on iOS17 and using cheap Arduino ESP32 board
https://www.mobile-hacker.com/2023/09/07/spoof-ios-devices-with-bluetooth-pairing-messages-using-android/

Get external IP address of the user during Telegram call. Now it works well and returns public instead of local IP
https://twitter.com/androidmalware2/status/1711313647576686621

Well explained blog on how to find and exploit XSS in Android apps in WebViews and Deep Links
https://securityboulevard.com/2023/10/execution-of-arbitrary-javanoscript-in-android-application/

Unmasking the Godfather - Reverse Engineering the Latest Android Banking Trojan
Talk: https://youtu.be/jNQmc2REwFg
Slides: https://github.com/LaurieWired/StrangeLoop

iOS Pentesting Series
Learn how to work with useful tools and apps such as Frida, Objection, 3uTools, Cydia, Burp, fsmon, fridump, SSL bypass, reFlutter etc.
Part 1: https://kishorbalan.medium.com/start-your-first-ios-application-pentest-with-me-part-1-1692311f1902
Part 2: https://kishorbalan.medium.com/ios-pentesting-series-part-2-into-the-battlefield-f17ed2778890
Part 3: https://kishorbalan.medium.com/ios-pentesting-series-part-3-the-ceasefire-53fcea3bbd70

How to detect Wi-Fi deauthentication attack and even receive notification on your smartphone
https://www.mobile-hacker.com/2023/10/12/detect-wi-fi-deauthentication-attack-using-esp8266-and-receive-notification-on-smartphone/

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html

PoC exploit for CVE-2023-41993 where web content may lead to arbitrary code execution affecting iOS before 16.7
https://github.com/po6ix/POC-for-CVE-2023-41993

Analysis of SpyNote spyware that logs and steals a variety of information, including key strokes, call logs, information on installed applications etc.
https://blog.f-secure.com/take-a-note-of-spynote/

Malicious “RedAlert - Rocket Alerts” Application Targets Israeli Phone Calls, SMS, and User Information through fake website
https://blog.cloudflare.com/malicious-redalert-rocket-alerts-application-targets-israeli-phone-calls-sms-and-user-information/

BLE Spam allows now to send unwanted notifications to iOS, Android and Windows at once using Flipper Zero.
If you don't have Flipper Zero, in the blog I explained how to trigger popups using any Android smartphone even with custom messages
https://www.mobile-hacker.com/2023/10/17/spam-ios-android-and-windows-with-bluetooth-pairing-messages-using-flipper-zero-or-android-smartphone/

iObfuscate: Unraveling iOS Obfuscation Techniques
Examine multiple examples of Reverse Engineering iOS obfuscation techniques
https://github.com/LaurieWired/ObjectiveByTheSea2023/

Automatically extract URL and IP endpoints from Android app to a text file using apk2url.
Fast and useful tool for pentesters, bug bounty hunters, or malware analyst
https://github.com/n0mi1k/apk2url

Analysis of Rusty Droid Android RAT
https://labs.k7computing.com/index.php/rusty-droid-under-the-hood-of-a-dangerous-android-rat/

The outstanding stealth of Operation Triangulation
https://securelist.com/triangulation-validators-modules/110847/

How to increase radio range of Flipper Zero beyond 100 meters | internal vs. external radio module
https://www.mobile-hacker.com/2023/10/24/how-to-increase-radio-range-of-flipper-zero-yourself-beyond-100-meters/

Pwn2Own 2023 hacking contest resulted in hacking Samsung Galaxy S23 twice, Xiaomi's 13 Pro smartphone, as well as printers, smart speakers, Network Attached Storage (NAS) devices, and surveillance cameras from Western Digital, QNAP, Synology, Canon, Lexmark, and Sonos
https://www.bleepingcomputer.com/news/security/samsung-galaxy-s23-hacked-twice-on-first-day-of-pwn2own-toronto/