Android Banking Trojan – OctoV2, masquerading as Deepseek AI
https://labs.k7computing.com/index.php/android-banking-trojan-octov2-masquerading-as-deepseek-ai/

It works! The first real smartwatch with Wi-Fi injection, capturing a WPA2 handshake! Using Kali NetHunter running Hijacker app on TicWatch Pro 3 smartwatch. All of that is possible thanks to @yesimxev, one of NetHunter developers! Video credits to @yesimxev (X)
https://www.instagram.com/reel/DHK8eahN2IZ/

🚨 Android Threat Hunters, Your Job Just Got Easier!
ANY.RUN has just released a brand-new OS designed for real-time Android threat analysis inside a secure sandbox environment.
Now, businesses and security teams can:
✅ Detect Android threats faster
🔍 Investigate APK behavior in real time
⚡ Speed up incident response
💰 Reduce cybersecurity costs
Best part? It’s available for all plans—even FREE users!
👉 Try now: https://goo.su/GH7WO

Vapor malware: Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Blog: https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
PDF report: https://go.integralads.com/rs/469-VBI-606/images/AMER_VAPOR_THREAT_REPORT_IAS.pdf

Analysis of Paragon’s Graphite Spyware Operations misusing WhatsApp Zero-Click exploit
https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/

Looks like there is a demand for Telegram RCE exploit
https://techcrunch.com/2025/03/21/russian-zero-day-seller-is-offering-up-to-4-million-for-telegram-exploits/

Safari 1day RCE Exploit
Confirmed exploit works on macOS 13.3.1, iOS 15.8.2.
https://github.com/wh1te4ever/WebKit-Bug-256172/tree/ios-arm64

New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI (new Xamarin)
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui/

A Blueprint of Android Activity Lifecycle
https://8ksec.io/a-blueprint-of-android-activity-lifecycle/

APT36 Mimics India Post Website to Spread Malware to Windows and Android Users
https://www.cyfirma.com/research/turning-aid-into-attack-exploitation-of-pakistans-youth-laptop-scheme-to-target-india/

PJobRAT makes a comeback, takes another crack at chat apps
https://news.sophos.com/en-us/2025/03/27/pjobrat-makes-a-comeback-takes-another-crack-at-chat-apps/

Feberis Pro: I have tested a new 4-in-1 Expansion Board for Flipper Zero
https://www.mobile-hacker.com/2025/03/31/feberis-pro-the-ultimate-4-in-1-expansion-board-for-flipper-zero/

Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices

TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications
https://cyble.com/blog/tsarbot-using-overlay-attacks-targeting-bfsi-sector/

'Lucid' Phishing Platform Targets iOS and Android Users with SMS Attacks
https://catalyst.prodaft.com/public/report/lucid/overview

Detailed Analysis of DocSwap Malware Disguised as Security Document Viewer operated by Kimsuky APT
https://medium.com/s2wblog/detailed-analysis-of-docswap-malware-disguised-as-security-document-viewer-218a728c36ff

Salvador Stealer: New Android Malware That Phishes Banking Details & OTPs
https://any.run/cybersecurity-blog/salvador-stealer-malware-analysis/

[pdf] DVa: Extracting Victims and Abuse Vectors from Android Accessibility Malware
https://www.usenix.org/system/files/sec24summer-prepub-136-xu-haichuan.pdf

Android Malware Disguised as Government Alerts distributed in India via WhatsApp
https://blogs.quickheal.com/beware-malicious-android-malware-disguised-as-government-alerts/

BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actors
https://www.ncsc.gov.uk/news/advisory-badbazaar-moonshine

BADBAZAAR and MOONSHINE: Technical analysis and mitigations
https://www.ncsc.gov.uk/news/advisory-badbazaar-moonshine-technical-analysis-mitigations