Fantasy Hub: Analysis of Russian Based Android RAT as M-a-a-S
https://zimperium.com/blog/fantasy-hub-another-russian-based-rat-as-m-a-a-s
Zimperium
Fantasy Hub: Another Russian Based RAT as M-a-a-S
LANDFALL: New Android commercial-grade spyware targeted Samsung Galaxy devices via a WhatsApp zero-click exploit in image parsing (CVE-2025-21042)
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
Runtime Android Object Instrumentation
https://knifecoat.com/Posts/Runtime+Android+Object+Instrumentation
KnifeCoat
Runtime Android Object Instrumentation - KnifeCoat
Intro This year I have been doing quite a bit of Android userland analysis. Android is a wonderful platform to work on, great decompiler support (JEB), easy access to rooted devices (unless you buy NA l…
The North Korean state-sponsored KONNI APT group is now using remote wipe tactics to erase Android devices through compromised victim computers
https://www.genians.co.kr/en/blog/threat_intelligence/android
www.genians.co.kr
State-Sponsored Remote Wipe Tactics Targeting Android Devices
The Konni APT campaign has caused damage by remotely resetting Google Android-based devices, resulting in the unauthorized deletion of personal data.
North Korean APT actors exploited ZipperDown vulnerability in Android apps via malicious emails.
One click → overwrite app library → full control.
https://ti.qianxin.com/blog/articles/operation-south-star-en/
Qianxin
Qianxin Threat Intelligence Center
First-ever interview with one of Kali NetHunter developers @yesimxev is live!
We "sat down" and talked about:
His hacking journey.
What are the best smartphones for running NetHunter.
Two newly supported devices revealed.
A sneak peek into his brand-new podcast and more.
https://www.mobile-hacker.com/2025/11/11/inside-the-mind-of-a-kali-nethunter-developer-a-deep-dive-with-yesimxev/
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail-bd3d04489088
Medium
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
In this article, I’ll walk you through my journey in intercepting HTTPS traffic from an APK based on Flutter during a pentesting engagement…
GPT Trade: Fake Google Play Store drops BTMob Spyware and UASecurity Miner on Android Devices
https://www.d3lab.net/gpt-trade-fake-google-play-store-drops-btmob-spyware-and-uasecurity-miner-on-android-devices/
D3Lab
GPT Trade: Fake Google Play Store drops BTMob Spyware and UASecurity Miner on Android Devices
A recently discovered Android campaign leverages a fake Google Play Store to distribute GPT Trade, a malicious dropper posing as a ChatGPT-themed trading app. Once installed, the dropper silently generates and deploys two additional malware families—BTMob…
One of the top-selling digital picture frames on Amazon between March and April 2025 comes:
-rooted by default
-runs Android 6
-SELinux security module disabled
-downloads and executes malicious payloads from China-based servers at boot
-17 security issues discovered
report: https://go.quokka.io/hubfs/App-Intel/Technical_Uhale-Digital-Picture-Frame-Security-Assessment.pdf
A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
https://github.com/sbaresearch/whatsapp-census
Sturnus: Mobile Banking Malware bypassing WhatsApp, Telegram and Signal Encryption
https://www.threatfabric.com/blogs/sturnus-banking-trojan-bypassing-whatsapp-telegram-and-signal
ThreatFabric
Sturnus: Mobile Banking Malware bypassing WhatsApp, Telegram and Signal Encryption
Sturnus is a privately operated Android banking trojan with many fraud-related capabilities, including Device Takeover and capturing decrypted messages.
The Phia app for iOS injects JavaScript and still collects almost every URL you visit with their Safari extension. Safari extensions even with Apple’s restrictions
https://gist.github.com/dweinstein/4d827f787ba65b5d0fd05cc9814883c4
Gist
phia ios app analysis (living document)
WhatsApp by the Numbers
I dived into anonymized metadata published after a #WhatsApp security issue that exposed 3.5B phone numbers
-Android rules (81%)
-iOS dominates in rich markets
-Monaco = multi-account heaven
-China is niche but enterprise-heavy
https://www.mobile-hacker.com/2025/11/20/whatsapp-by-the-numbers-what-anonymized-metadata-from-a-security-flaw-reveals/
Mobile Hacker
WhatsApp by the Numbers: What Anonymized Metadata from a Security Flaw Reveals
The dataset originates from metadata published in connection with a security study titled “Trivial WhatsApp Security Issue Exposed 3.5 Billion Phone Numbers.” That research demonstrated how a simple flaw could reveal phone numbers globally.
How deep links in mobile apps can be exploited for Remote Code Execution (RCE)
https://medium.com/meetcyber/exploiting-deep-links-for-rce-in-mobile-applications-6806c330c00b
Medium
Exploiting Deep Links for RCE in Mobile Applications
In this blog, we will see how we can exploit a deeplink to achieve an RCE
Proof-of-concept exploit showing how itunesstored & bookassetd daemons can be abused to escape iOS sandbox restrictions
https://hanakim3945.github.io/posts/download28_sbx_escape/
Hana's Blog
itunesstored & bookassetd sbx escape - Hana's Blog
POC writeup to exploit sandbox escape in itunesstored & bookassetd
GhostAd: Hidden Google Play Adware Drains Devices and Disrupts Millions of Users
https://blog.checkpoint.com/research/ghostad-hidden-google-play-adware-drains-devices-and-disrupts-millions-of-users/
Check Point Blog
GhostAd: Hidden Google Play Adware Drains Devices and Disrupts Millions of Users - Check Point Blog
Check Point researchers uncover a large-scale Android adware campaign that silently drains resources and disrupts normal phone use through persistent
RadzaRat: New Android Trojan Disguised as File Manager Emerges with Zero Detection Rate
https://www.certosoftware.com/insights/radzarat-new-android-trojan-disguised-as-file-manager-emerges-with-zero-detection-rate/
Certo Software | iPhone & Android Spyware Detection
RadzaRat: New Android Trojan Disguised as File Manager Emerges with Zero Detection Rate
The Android malware-as-a-service (MaaS) ecosystem continues to evolve with increasingly sophisticated threats designed to evade security measures while maintaining operational simplicity for would-be attackers.
Is Your Android TV Streaming Box Part of a Botnet?
https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/
Krebs on Security
Is Your Android TV Streaming Box Part of a Botnet?
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for…
Turn Your Old Android Into a Privacy Box!
Pi-hole blocks ads, trackers and shady websites across your entire network - and you can run it on that old Android phone sitting in your drawer!
https://www.mobile-hacker.com/2025/11/25/pi%e2%80%91hole-on-android-turn-your-spare-smartphone-into-a-network%e2%80%91wide-ad%e2%80%91blocker/
Mobile Hacker
Pi‑hole on Android: Turn Your Spare Smartphone into a Network‑Wide Ad‑Blocker
Pi‑hole is a network‑level ad and tracker blocker. Instead of installing ad‑blockers on each device, Pi‑hole runs as your DNS server, intercepting domain lookups and returning a null/blocked response for domains on curated blocklists.
RelayNFC: The New NFC Relay Malware Targeting Brazil
https://cyble.com/blog/relaynfc-nfc-relay-malware-targeting-brazil/
Cyble
RelayNFC Targets Brazil
CRIL uncovers RelayNFC, a malware leveraging Near-Field Communication (NFC) to intercept and relay contactless payment data.
Arbitrary App Installation on Intune Managed Android Enterprise BYOD
https://jgnr.ch/sites/android_enterprise.html