This media is not supported in your browser
VIEW IN TELEGRAM
FileFix – New Alternative to ClickFix Attack
https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/
https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/
😈10❤3🌚3😴2🔥1
Reverse Engineering the Android Malware Targeting CBE Users
https://www.linkedin.com/pulse/reverse-engineering-new-android-malware-targeting-ukfie/
https://www.linkedin.com/pulse/reverse-engineering-new-android-malware-targeting-ukfie/
Linkedin
Reverse Engineering the New Android Malware Targeting CBE Users
Last week, some Android users received a notification from the Commercial Bank of Ethiopia stating that two active android malware apps are stealing money from CBE accounts. Pharma+ CBE Vacancy And as soon as our team saw the notification, we wanted to get…
🤯13🌚2
Insecure Local Storage of Sensitive Payment and User Data on external storage by Airtel Android App (com.myairtelapp) (CVE-2025-5154)
https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data
https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data
GitHub
GitHub - honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data
Contribute to honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data development by creating an account on GitHub.
🌚11❤2
How to debug binaries using GDB in Android within Termux
https://ad2001.com/blog/gdb-inside-device
https://ad2001.com/blog/gdb-inside-device
Ajin Deepak
A Quick and Dirty Way to Debug Inside Android with GDB
This covers a quick and dirty way to debug inside a rooted AVD using GDB + GEF.
👍12
Bluetooth gap turns headphones into listening stations
CVE-2025-20700: Missing Authentication for GATT Services
CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR
CVE-2025-20702: Critical Capabilities of a Custom Protocol
https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
CVE-2025-20700: Missing Authentication for GATT Services
CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR
CVE-2025-20702: Critical Capabilities of a Custom Protocol
https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
🌚23
The Ullu app (Web, Android, iOS) parental PIN protection can be bypassed via brute force techniques (CVE-2025-45083) https://pastebin.com/mFM1a3CP
Pastebin
CVE-2025-45083 - FULL DISCLOSURE - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
👌14😁5🌚4✍3
Qwizzserial malware steals banking information and intercepts 2FA SMS targeting Uzbekistan
https://www.group-ib.com/blog/rise-of-qwizzserial/
https://www.group-ib.com/blog/rise-of-qwizzserial/
❤9🌚2👎1😈1🙈1
Android on-device fuzzing: Reproducing a WhatsApp bug with AFL & Frida (CVE-2019-11932)
https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
Ibm
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida) | IBM
Dive into research on a double-free vulnerability, CVE-2019-11932, in an image processing library used by WhatsApp and a GIF-processing vulnerability affecting Android mobile phones.
👍16❤1🌚1😴1
IconAds scheme: A collection of 352 apps which load out-of-context ads on a user’s screen and hide the app icons
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-iconads/
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-iconads/
👍9❤1
Taking over 60k spyware user accounts with SQL injection
https://ericdaigle.ca/posts/taking-over-60k-spyware-user-accounts/
https://ericdaigle.ca/posts/taking-over-60k-spyware-user-accounts/
Eric Daigle
Taking over 60k spyware user accounts with SQL injection
Serverless means it's secure, right?
🔥18🌚1
Vibe Hacking with Nmap using Android
https://www.mobile-hacker.com/2025/07/07/vibe-hacking-with-nmap-using-android/
https://www.mobile-hacker.com/2025/07/07/vibe-hacking-with-nmap-using-android/
🤮14🌚7🥴6🤡5❤3🍌3👍2😈2👏1💩1🎅1
How to Install Gemini CLI on Android using Termux
https://www.mobile-hacker.com/2025/07/09/how-to-install-gemini-cli-on-android-using-termux/
https://www.mobile-hacker.com/2025/07/09/how-to-install-gemini-cli-on-android-using-termux/
❤14🤔7👏3
Anatsa Android Banking Trojan Infects 90,000 Users via Fake PDF App on Google Play
https://www.threatfabric.com/blogs/anatsa-targets-north-america-uses-proven-mobile-campaign-process
https://www.threatfabric.com/blogs/anatsa-targets-north-america-uses-proven-mobile-campaign-process
ThreatFabric
Anatsa Targets North America; Uses Proven Mobile Campaign Process
Anatsa targets North America again: ThreatFabric uncovers a new Android banking Trojan campaign using Google Play to compromise mobile banking apps.
😍7❤3🥱1🌚1
Media is too big
VIEW IN TELEGRAM
TapTrap: It’s attack on Android where a dedicated app uses animation to lure you into tapping on the screen and performing unwanted actions without your consent #Tapjacking
TapTrap to enable camera access for a website via Chrome browser.
https://taptrap.click/
TapTrap to enable camera access for a website via Chrome browser.
https://taptrap.click/
👍21❤3🤯3
The first version of Bitchat Android app was published
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
❤16🌚2
Media is too big
VIEW IN TELEGRAM
How to setup Hijacker app on Samsung Galaxy S10 with wireless injection
https://forums.kali.org/t/hijacker-on-the-samsung-galaxy-s10-with-wireless-injection/10305
https://forums.kali.org/t/hijacker-on-the-samsung-galaxy-s10-with-wireless-injection/10305
🌚10🔥1
PerfektBlue Bluetooth attack allows hacking using 1-click RCE infotainment systems of Mercedes, Volkswagen, and Skoda (CVE-2024-45431, CVE-2024-45432, CVE-2024-45433, CVE-2024-45434)
https://perfektblue.pcacybersecurity.com/
https://perfektblue.pcacybersecurity.com/
PerfektBlue
PerfektBlue – 1-Click RCE in Bluetooth
PCA Team uncovered critical over-the-air attack chain, enabling 1-click Remote Code Execution (RCE) in vulnerable devices. Affected manufacturers include Volkswagen, Mercedes-Benz and Skoda.
🌚17🔥1
How Malicious Android Apps Can Impersonate Yours Using Deep Links
https://medium.com/@frankheat/how-malicious-android-apps-can-impersonate-yours-using-deep-links-8eac7f245aaf
https://medium.com/@frankheat/how-malicious-android-apps-can-impersonate-yours-using-deep-links-8eac7f245aaf
Medium
How Malicious Android Apps Can Impersonate Yours Using Deep Links
Hey, I’m frankheat. As a penetration tester, I focus on often-missed attack vectors. One of the more effective ones I’ve analyzed recently…
❤16🌚3👎1
Media is too big
VIEW IN TELEGRAM
Chat without internet via Bluetooth
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
Info: https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
Download the latest app: https://github.com/permissionlesstech/bitchat-android/releases
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
Info: https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
Download the latest app: https://github.com/permissionlesstech/bitchat-android/releases
👨💻13👍1
Shizuku unlocks advanced functionality on any Android
Using Shizuku app your Android gains ADB (Shell) privileges to remove bloatware, list running processes, open listening ports, view stored Wi-Fi passwords, inspect logcat of other apps, enable/disable specific Android app components etc.
https://www.mobile-hacker.com/2025/07/14/shizuku-unlocking-advanced-android-capabilities-without-root/
Using Shizuku app your Android gains ADB (Shell) privileges to remove bloatware, list running processes, open listening ports, view stored Wi-Fi passwords, inspect logcat of other apps, enable/disable specific Android app components etc.
https://www.mobile-hacker.com/2025/07/14/shizuku-unlocking-advanced-android-capabilities-without-root/
❤29🔥2👏1