The NCSC and partners publish new information and mitigation measures for those at high risk from two spyware variants.

This advisory provides new and collated threat intelligence on two variants of spyware known as BADBAZAAR and MOONSHINE, and includes advice for app store operators, developers and social media companies to help keep their users safe.

CTM360’s Play Masquerading Party (PMP) report exposes an evolution of the PlayPraetor scam, highlighting fake Play Store pages, phishing apps, and RAT variants targeting global users

SMS Pumping fraud is a deceptive scheme where fraudsters manipulate SMS verification systems to inflate non-organic traffic and generate revenue at businesses’ expense. Discover how it works and ways to mitigate it.

In this article, I will share a tip for those interested in performing a more detailed analysis of the behavior of native methods, with a…

Deceptive websites hosted on newly registered domains are being used to deliver AndroidOS SpyNote malware. These sites mimic the Google Chrome install page on the Google Play Store.

This article marks the first in a series aimed at sharing my adventures, personal notes, and insights into the Android kernel. My focus…

Full noscript: Rethinking Emulation for Fu(zzi)n(g) and Profit: Near-Native Rehosting for Embedded ARM Firmware
Slides: https://github.com/binarly-io/Research_Publications/blob/main/REverse_2025/Near-Native%20Rehosting%20for%20Embedded%20ARM%20Firmware.pdf
…

Every year, cryptocurrencies become more and more common as a payment method. According to the data for 2023, in developed countries about 20% of the population has at some time used such a means of payment, and in developing countries, where the banking…

TL;DR #1: Rooting an Android device allows for system modifications, bypassing restrictions, and performing security testing. This post…

Flutter Mobile Application Reverse Engineering Tool - worawit/blutter

SpyMax Variant Targeting Chinese-Speaking Users: In early 2025, our threat intelligence team analyzed a highly sophisticated Android spyware.

Doctor Web’s experts have discovered Android.Spy.1292.origin, spyware whose main target is Russian military personnel. The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of…

How I tracked myself down using leaked location data in the in-app ads, and what I found along the way.

A new fraud campaign based on the Android malware "SuperCard X" and innovative NFC relay techniques is impacting Italian's banking. Read our latest report to learn more.

Fork of https://github.com/xairy/Facedancer/tree/rawgadget with patches for testing CVE-2024-53197 - zhuowei/facedancer

Introduction Rooting an Android emulator is essential for mobile app security research because it allows researchers to use powerful instrumentation and debugging tools that require root privileges. By obtaining full root (superuser) access on an AVD, you…

Kaspersky expert has discovered a new version of the Triada Trojan, with custom modules for Telegram, WhatsApp, TikTok, and other apps.

Oligo Security reveals AirBorne, a new set of vulnerabilities in Apple’s AirPlay protocol and SDK. Learn how zero-click RCEs, ACL bypasses, and wormable exploits could endanger Apple and IoT devices worldwide — and how to protect yourself.

Gui Rambo writes about his coding and reverse engineering adventures.