North Korean APT actors exploited the ZipperDown vulnerability in Android apps via malicious emails.
One click → overwrite app library → full control.
https://ti.qianxin.com/blog/articles/operation-south-star-en/
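ZipperDown is a path-traversal bug in how apps unpack downloaded zip archives, which is why the chain above ends in an overwritten app library. The following is an added example, not code from the Qianxin report: it builds a constructed archive with a `../lib/libnative.so` entry, shows where a naive extractor would write it, and contrasts that with an extractor that validates every entry path before writing anything. The archive contents and file names are constructed for the demo.

```python
"""Zip path traversal, the bug class behind ZipperDown, shown vulnerable and fixed.

Added example, not code from the Qianxin report. The chain above works because a
downloaded archive can carry an entry named "../lib/libnative.so": an extractor
that simply joins that name onto its destination directory writes outside it and
overwrites the app's own library. The hardened extractor resolves every entry
path and refuses anything that does not stay under the destination. The archive
and file names here are constructed for the demo.
"""
import io
import os
import tempfile
import zipfile
from typing import Dict, List


def build_malicious_zip() -> bytes:
    """Constructed archive: one benign entry, one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("theme/banner.png", b"\x89PNG fake image bytes")
        zf.writestr("../lib/libnative.so", b"\x7fELF attacker payload")  # attacker-chosen name
    return buf.getvalue()


def naive_targets(zip_bytes: bytes, dest: str) -> List[str]:
    """Where a naive extractor (dest + entry name, no check) would write each entry."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [os.path.normpath(os.path.join(dest, n)) for n in zf.namelist()]


def _inside(dest_real: str, target: str) -> bool:
    try:
        return os.path.commonpath([dest_real, target]) == dest_real
    except ValueError:  # different drives on Windows: certainly not inside
        return False


def escaped_entries(zip_bytes: bytes, dest: str) -> List[str]:
    """Entry names whose resolved target lies outside dest (the ZipperDown condition)."""
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist()
                if not _inside(dest_real, os.path.realpath(os.path.join(dest_real, n)))]


def safe_extract(zip_bytes: bytes, dest: str) -> List[str]:
    """Extract entries that stay inside dest; raise before writing if any entry escapes."""
    dest_real = os.path.realpath(dest)
    written: List[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Validate the whole manifest first so a bad entry late in the archive
        # cannot leave a half-extracted directory behind.
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            if os.path.isabs(info.filename) or not _inside(dest_real, target):
                raise ValueError(f"zip entry escapes destination: {info.filename!r}")
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, dest_real))
    return written


def demo() -> Dict[str, object]:
    """Run both views on the constructed archive inside a scratch directory."""
    zip_bytes = build_malicious_zip()
    with tempfile.TemporaryDirectory() as scratch:
        app_dir = os.path.join(scratch, "app")
        os.makedirs(app_dir)
        escaped = escaped_entries(zip_bytes, app_dir)
        try:
            safe_extract(zip_bytes, app_dir)
            rejected = False
        except ValueError:
            rejected = True
        leaked = os.path.exists(os.path.join(scratch, "lib", "libnative.so"))
        extracted = os.listdir(app_dir)
    return {"escaped": escaped, "rejected": rejected, "leaked": leaked, "extracted": extracted}


if __name__ == "__main__":
    print(naive_targets(build_malicious_zip(), "/data/app/theme"))
    print(demo())
```

The check that matters is `commonpath` on the fully resolved target, not a substring or `startswith` test on the raw name: `../` sequences, absolute names and symlinked destination directories all collapse to the same question of whether the final path is under the destination. Validating the whole manifest before the first write keeps the extractor fail-closed.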
First-ever interview with one of Kali NetHunter developers @yesimxev is live!
We "sat down" and talked about:
His hacking journey.
Which smartphones are best for running NetHunter.
Two newly supported devices revealed.
A sneak peek into his brand-new podcast and more.
https://www.mobile-hacker.com/2025/11/11/inside-the-mind-of-a-kali-nethunter-developer-a-deep-dive-with-yesimxev/
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail-bd3d04489088
In this article, I’ll walk you through my journey in intercepting HTTPS traffic from an APK based on Flutter during a pentesting engagement…
GPT Trade: Fake Google Play Store drops BTMob Spyware and UASecurity Miner on Android Devices
https://www.d3lab.net/gpt-trade-fake-google-play-store-drops-btmob-spyware-and-uasecurity-miner-on-android-devices/
A recently discovered Android campaign leverages a fake Google Play Store to distribute GPT Trade, a malicious dropper posing as a ChatGPT-themed trading app. Once installed, the dropper silently generates and deploys two additional malware families—BTMob…
One of the top-selling digital picture frames on Amazon between March and April 2025 comes:
-rooted by default
-runs Android 6
-SELinux security module disabled
-downloads and executes malicious payloads from China-based servers at boot
-17 security issues discovered
report: https://go.quokka.io/hubfs/App-Intel/Technical_Uhale-Digital-Picture-Frame-Security-Assessment.pdf
A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
https://github.com/sbaresearch/whatsapp-census
Sturnus: Mobile Banking Malware bypassing WhatsApp, Telegram and Signal Encryption
https://www.threatfabric.com/blogs/sturnus-banking-trojan-bypassing-whatsapp-telegram-and-signal
Sturnus is a privately operated Android banking trojan with many fraud-related capabilities, including Device Takeover and capturing decrypted messages.
The Phia app for iOS injects JavaScript and still collects almost every URL you visit with its Safari extension. Safari extensions even with Apple’s restrictions
https://gist.github.com/dweinstein/4d827f787ba65b5d0fd05cc9814883c4
WhatsApp by the Numbers
I dived into anonymized metadata published after a #WhatsApp security issue that exposed 3.5B phone numbers
-Android rules (81%)
-iOS dominates in rich markets
-Monaco = multi-account heaven
-China is niche but enterprise-heavy
https://www.mobile-hacker.com/2025/11/20/whatsapp-by-the-numbers-what-anonymized-metadata-from-a-security-flaw-reveals/
The dataset originates from metadata published in connection with a security study titled “Trivial WhatsApp Security Issue Exposed 3.5 Billion Phone Numbers.” That research demonstrated how a simple flaw could reveal phone numbers globally.
How deep links in mobile apps can be exploited for Remote Code Execution (RCE)
https://medium.com/meetcyber/exploiting-deep-links-for-rce-in-mobile-applications-6806c330c00b
Proof-of-concept exploit showing how itunesstored & bookassetd daemons can be abused to escape iOS sandbox restrictions
https://hanakim3945.github.io/posts/download28_sbx_escape/
GhostAd: Hidden Google Play Adware Drains Devices and Disrupts Millions of Users
https://blog.checkpoint.com/research/ghostad-hidden-google-play-adware-drains-devices-and-disrupts-millions-of-users/
RadzaRat: New Android Trojan Disguised as File Manager Emerges with Zero Detection Rate
https://www.certosoftware.com/insights/radzarat-new-android-trojan-disguised-as-file-manager-emerges-with-zero-detection-rate/
Is Your Android TV Streaming Box Part of a Botnet?
https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for…
Turn Your Old Android Into a Privacy Box!
Pi-hole blocks ads, trackers and shady websites across your entire network - and you can run it on that old Android phone sitting in your drawer!
https://www.mobile-hacker.com/2025/11/25/pi%e2%80%91hole-on-android-turn-your-spare-smartphone-into-a-network%e2%80%91wide-ad%e2%80%91blocker/
Pi‑hole is a network‑level ad and tracker blocker. Instead of installing ad‑blockers on each device, Pi‑hole runs as your DNS server, intercepting domain lookups and returning a null/blocked response for domains on curated blocklists.
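To make the "DNS server returning a null response" mechanism concrete, here is an added toy sinkhole written for this page; it is not Pi-hole's own code (Pi-hole's resolver is FTL, a dnsmasq fork). It parses a blocklist in the hosts format Pi-hole's gravity lists use, applies the same exact-domain matching (subdomains need a regex rule), and for a blocked A query builds a DNS response carrying `0.0.0.0`. The sample list, the 2-second TTL on blocked answers and the allowlist-beats-blocklist precedence are assumptions for the demo, not taken from the linked post.

```python
"""Toy DNS sinkhole modelled on the Pi-hole behaviour described above.

Added example, not Pi-hole's own code (Pi-hole's resolver is FTL, a dnsmasq
fork). It ingests a blocklist in the hosts format Pi-hole's gravity lists use
("0.0.0.0 ads.example.com"), plus bare domains and comments, then answers A
queries: a listed name gets a 0.0.0.0 "null" answer, anything else is handed
back as None, meaning "forward upstream". Like Pi-hole, it matches exact
domains, so subdomains need a regex rule. Assumptions not taken from the post:
the 2-second TTL on blocked answers and allowlist-beats-blocklist precedence.
"""
import ipaddress
import re
import struct
from typing import Iterable, Optional, Set

# Constructed sample inputs in the formats Pi-hole ingests.
SAMPLE_BLOCKLIST = """\
# hosts-format entries, as in the StevenBlack list
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net   # inline comment
# bare domains work too; case and trailing dot are normalised away
Telemetry.Example.ORG.
"""
SAMPLE_REGEX = [r"(\.|^)doubleclick\.example$"]  # wildcard-style regex rule
SAMPLE_ALLOW = {"tracker.example.net"}           # allowlist wins over blocklist


def normalize(name: str) -> str:
    return name.strip().rstrip(".").lower()


def _is_ip(token: str) -> bool:
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_blocklist(text: str) -> Set[str]:
    """Blocked domains from hosts-format ("<ip> <domain> ...") or bare-domain lines."""
    blocked: Set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        names = parts[1:] if _is_ip(parts[0]) and len(parts) > 1 else parts
        blocked.update(normalize(n) for n in names)
    return blocked


def decide(qname: str, blocked: Set[str], regexes: Iterable[str], allow: Set[str]) -> str:
    """'BLOCK' or 'FORWARD' for one queried name."""
    q = normalize(qname)
    if q in allow:
        return "FORWARD"
    if q in blocked or any(re.search(r, q) for r in regexes):
        return "BLOCK"
    return "FORWARD"


def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Minimal RFC 1035 A/IN query: 12-byte header plus one question."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in normalize(name).split("."))
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def parse_qname(packet: bytes) -> str:
    """Read the (uncompressed) QNAME that starts right after the header."""
    pos, labels = 12, []
    while packet[pos] != 0:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    return ".".join(labels)


def sinkhole_response(query: bytes, blocked: Set[str], regexes: Iterable[str],
                      allow: Set[str], ttl: int = 2) -> Optional[bytes]:
    """Blocked name: a response carrying A 0.0.0.0. Otherwise None (forward upstream)."""
    if decide(parse_qname(query), blocked, regexes, allow) != "BLOCK":
        return None
    qid = struct.unpack("!H", query[:2])[0]
    question = query[12:]  # echo the question section verbatim
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1, one answer
    # Answer RR: name pointer to offset 12, TYPE A, CLASS IN, TTL, RDLENGTH 4, RDATA 0.0.0.0
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + bytes(4)
    return header + question + answer


if __name__ == "__main__":
    blocked = parse_blocklist(SAMPLE_BLOCKLIST)
    for name in ("ads.example.com", "sub.ads.example.com", "cdn.doubleclick.example",
                 "tracker.example.net", "example.com"):
        print(f"{name:28} -> {decide(name, blocked, SAMPLE_REGEX, SAMPLE_ALLOW)}")
```

Two points the run makes visible: `sub.ads.example.com` is forwarded even though `ads.example.com` is listed, because gravity-style lists are exact matches and subdomain coverage has to come from a regex rule; and the blocked answer is a well-formed, authoritative-looking response, so clients cache `0.0.0.0` rather than retrying upstream.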
RelayNFC: The New NFC Relay Malware Targeting Brazil
https://cyble.com/blog/relaynfc-nfc-relay-malware-targeting-brazil/
CRIL uncovers RelayNFC, a malware leveraging Near-Field Communication (NFC) to intercept and relay contactless payment data.
Arbitrary App Installation on Intune Managed Android Enterprise BYOD
https://jgnr.ch/sites/android_enterprise.html
Bypassing iOS Frida Detection with LLDB and Frida
https://tonygo.tech/blog/2025/8ksec-ios-ctf-writeup
A complete walkthrough of the 8ksec "FridaInTheMiddle" challenge: bypassing Frida detection, hooking Swift functions, and intercepting arguments on a jailbroken iPhone.
Hunting potential C2 commands in Android malware via Smali string comparison and control flow
https://youtu.be/BVMEHN_D-Gg
Presented at the VB2025 conference in Berlin, 24 - 26 September 2025.
↓ Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2025/slides/Slides-Hunting…
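The technique in the talk title, string comparison plus control flow, can be sketched in a few dozen lines. The following is an added example written for this page, not the speaker's tooling: it walks Smali text, tracks which register currently holds a `const-string`, and reports a string only when it flows into a `java.lang.String` comparison whose `move-result` is then consumed by an `if-*` branch. Strings that are merely logged, or compared without a branch, are dropped. The Smali sample is constructed for the demo; the comparison-method set and the four-instruction lookahead window are assumptions.

```python
"""Pair Smali string constants with the comparison call and branch that consume
them, to surface probable C2 command strings.

Added example of the approach named in the VB2025 talk above, not the speaker's
own tooling. A command dispatcher compiled to Smali usually reads
    const-string v0, "SEND_SMS"
    invoke-virtual {p1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v1
    if-eqz v1, :cond_1
so a string that is loaded, compared and then branched on is a far stronger
command candidate than an arbitrary string in the dex. SAMPLE_SMALI is
constructed for the demo; COMPARE_METHODS and the lookahead window are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

COMPARE_METHODS = {"equals", "equalsIgnoreCase", "contentEquals", "startsWith", "contains"}

CONST_STRING = re.compile(r'^\s*const-string(?:/jumbo)?\s+(v\d+|p\d+),\s*"((?:[^"\\]|\\.)*)"')
STRING_INVOKE = re.compile(
    r'^\s*invoke-(?:virtual|static|direct)(?:/range)?\s+\{([^}]*)\},\s*Ljava/lang/String;->(\w+)\(')
MOVE_RESULT = re.compile(r'^\s*move-result(?:-object|-wide)?\s+(v\d+|p\d+)')
BRANCH = re.compile(r'^\s*if-(?:eqz|nez|eq|ne|ltz|gtz)\s+(v\d+|p\d+)(?:,\s*(v\d+|p\d+))?,')
# Instructions whose first operand register is overwritten; a tracked string
# constant in that register is then stale (heuristic, not a full dataflow model).
REG_WRITER = re.compile(
    r'^\s*(?:move(?:-object|-wide|-result|-result-object|-result-wide|-exception)?(?:/from16|/16)?'
    r'|const(?:/4|/16|/high16|-wide(?:/16|/32|/high16)?|-class)?'
    r'|[isa]get(?:-\w+)?|new-instance|new-array)\s+(v\d+|p\d+)')

SAMPLE_SMALI = """\
.method private dispatch(Ljava/lang/String;)V
    .locals 3
    const-string v0, "UNINSTALL"
    invoke-virtual {p1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v1
    if-eqz v1, :cond_0
    invoke-direct {p0}, Lcom/example/Svc;->doUninstall()V
    return-void
    :cond_0
    const-string v0, "SEND_SMS"
    invoke-virtual {v0, p1}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
    move-result v1
    if-eqz v1, :cond_1
    invoke-direct {p0}, Lcom/example/Svc;->sendSms()V
    return-void
    :cond_1
    const-string v0, "Service started"
    invoke-static {v0}, Lcom/example/Log;->d(Ljava/lang/String;)V
    const-string v2, "v1"
    invoke-virtual {p1, v2}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v1
    return-void
.end method
"""


@dataclass
class Candidate:
    command: str
    method: str
    line: int  # 1-based line of the comparison call


def _branches_on_result(lines: List[str], start: int, window: int) -> bool:
    """True if a move-result within `window` lines after `start` feeds an if-* branch."""
    result_reg = None
    for line in lines[start:start + window]:
        if result_reg is None:
            m = MOVE_RESULT.match(line)
            if m:
                result_reg = m.group(1)
            continue
        m = BRANCH.match(line)
        if m and result_reg in m.groups():
            return True
    return False


def hunt_commands(smali: str, window: int = 4) -> List[Candidate]:
    """Scan Smali text; return strings that are compared and then branched on."""
    lines = smali.splitlines()
    regs: Dict[str, str] = {}  # register -> string constant it currently holds
    found: List[Candidate] = []
    for i, line in enumerate(lines):
        if line.lstrip().startswith(".method"):
            regs.clear()  # registers are per-method
            continue
        m = CONST_STRING.match(line)
        if m:
            regs[m.group(1)] = m.group(2)
            continue
        m = STRING_INVOKE.match(line)
        if m:
            args = [a.strip() for a in m.group(1).split(",")]
            consts = [regs[r] for r in args if r in regs]
            if m.group(2) in COMPARE_METHODS and consts and _branches_on_result(lines, i + 1, window):
                found.append(Candidate(consts[-1], m.group(2), i + 1))
            continue
        m = REG_WRITER.match(line)
        if m:
            regs.pop(m.group(1), None)
    return found


if __name__ == "__main__":
    for c in hunt_commands(SAMPLE_SMALI):
        print(f"line {c.line}: {c.command!r} via {c.method}")
```

On the sample this yields `UNINSTALL` and `SEND_SMS` only: `"Service started"` never reaches a String comparison, and `"v1"` is compared but its result is never branched on. Obfuscated samples that dispatch on `hashCode()` through a `packed-switch`, or decrypt command strings at runtime, defeat this pattern and need the hash table or the decryption routine handled separately.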
[beginners] Android Recon for Bug Bounty
Learn how to extract APKs, find hidden endpoints & secrets before exploitation using tools such as:
APKeep, APKTool, apk2url, jadx-gui, MobSF, MARA, Drozer
https://www.yeswehack.com/learn-bug-bounty/android-recon-bug-bounty-guide
SSL Pinning Bypass – Android
https://hardsoftsecurity.es/index.php/2025/11/26/ssl-pinning-bypass-android/