Beware of TsarBot! This Android banking Trojan spreads via phishing, steals credentials, and hijacks devices. Stay safe with our latest insights.

Author: HyeongJun Kim | S2W TALON

Discover detailed analysis of Salvador Stealer, a new Android malware targeting users of mobile banking apps.

In our high-tech world, sneaky cyber threats can pop up anywhere. Lately, we’ve spotted sneaky malware on Android...

The NCSC and partners publish new information and mitigation measures for those at high risk from two spyware variants.

This advisory provides new and collated threat intelligence on two variants of spyware known as BADBAZAAR and MOONSHINE, and includes advice for app store operators, developers and social media companies to help keep their users safe.

CTM360’s Play Masquerading Party (PMP) report exposes an evolution of the PlayPraetor scam, highlighting fake Play Store pages, phishing apps, and RAT variants targeting global users

SMS Pumping fraud is a deceptive scheme where fraudsters manipulate SMS verification systems to inflate non-organic traffic and generate revenue at businesses’ expense. Discover how it works and ways to mitigate it.

In this article, I will share a tip for those interested in performing a more detailed analysis of the behavior of native methods, with a…

Deceptive websites hosted on newly registered domains are being used to deliver AndroidOS SpyNote malware. These sites mimic the Google Chrome install page on the Google Play Store.

This article marks the first in a series aimed at sharing my adventures, personal notes, and insights into the Android kernel. My focus…

Full noscript: Rethinking Emulation for Fu(zzi)n(g) and Profit: Near-Native Rehosting for Embedded ARM Firmware
Slides: https://github.com/binarly-io/Research_Publications/blob/main/REverse_2025/Near-Native%20Rehosting%20for%20Embedded%20ARM%20Firmware.pdf
…

Every year, cryptocurrencies become more and more common as a payment method. According to the data for 2023, in developed countries about 20% of the population has at some time used such a means of payment, and in developing countries, where the banking…

TL;DR #1: Rooting an Android device allows for system modifications, bypassing restrictions, and performing security testing. This post…

Flutter Mobile Application Reverse Engineering Tool - worawit/blutter

SpyMax Variant Targeting Chinese-Speaking Users: In early 2025, our threat intelligence team analyzed a highly sophisticated Android spyware.

Doctor Web’s experts have discovered Android.Spy.1292.origin, spyware whose main target is Russian military personnel. The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of…

How I tracked myself down using leaked location data in the in-app ads, and what I found along the way.