SSL Pinning Bypass – Android
https://hardsoftsecurity.es/index.php/2025/11/26/ssl-pinning-bypass-android/
https://hardsoftsecurity.es/index.php/2025/11/26/ssl-pinning-bypass-android/
Hardsoft Security
SSL Pinning Bypass - Android - Hardsoft Security
Here we go again! Today we will be talking about SSL Pinning Bypass in Android. Due the recent cybersecurity congress that I have assisted...
👍12
Combatting Cybercrime against Mobile Devices
This paper examines cybercrime against consumer mobile devices and their users in the UK
https://www.rusi.org/explore-our-research/publications/insights-papers/combatting-cybercrime-against-mobile-devices
This paper examines cybercrime against consumer mobile devices and their users in the UK
https://www.rusi.org/explore-our-research/publications/insights-papers/combatting-cybercrime-against-mobile-devices
www.rusi.org
Combatting Cybercrime against Mobile Devices
Joseph Jarnecki outlines the highest priority cyberthreats against consumer mobile devices and considers potential strategies to mitigate and address the threat.
👍11⚡2🤣1
Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets
https://www.cleafy.com/cleafy-labs/albiriox-rat-mobile-malware-targeting-global-finance-and-crypto-wallets
https://www.cleafy.com/cleafy-labs/albiriox-rat-mobile-malware-targeting-global-finance-and-crypto-wallets
Cleafy
Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets | Cleafy Labs
Albiriox is a newly identified Android malware family offered as a Malware-as-a-Service, and enabling TAs to perform On-Device Fraud through remote control, screen manipulation, and real-time interaction with the infected device. Read more in this report.
👍11❤2🤮1🌚1
IPAtool - command line tool that allows you to search and download iOS apps from the App Store, known as an ipa file
https://github.com/majd/ipatool
https://github.com/majd/ipatool
GitHub
GitHub - majd/ipatool: Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App…
Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store - majd/ipatool
❤16👍6🎃2
Charging cable that hacks your device
Once plugged in, it can:
-detect OS,
-inject keystrokes,
-controlled over Wi-Fi,
-create remote shell access without network connection of target
https://www.mobile-hacker.com/2025/12/01/plug-play-pwn-hacking-with-evil-crow-cable-wind/
Once plugged in, it can:
-detect OS,
-inject keystrokes,
-controlled over Wi-Fi,
-create remote shell access without network connection of target
https://www.mobile-hacker.com/2025/12/01/plug-play-pwn-hacking-with-evil-crow-cable-wind/
Mobile Hacker
Plug, Play, Pwn: Hacking with Evil Crow Cable Wind
It’s a tiny hacking implant hidden inside a cable. Plug it into a computer, and it pretends to be a keyboard. Then it starts typing — fast. We’re talking up to 1,000 keystrokes per minute, all automated.
👍24🔥8😭8❤4🎃3
Reverse engineering Bluetooth on Amazon Kindle eReaders
https://sighery.com/posts/reverse-engineering-bluetooth-on-kindle-ereaders/
https://sighery.com/posts/reverse-engineering-bluetooth-on-kindle-ereaders/
Sighery
Reverse engineering Bluetooth on Amazon Kindle eReaders
A journey of learning C and reverse engineering to be more efficiently lazy
👍12🔥3🌚1
[Beginners] All About Android Pentesting: A Complete Methodology
https://xcheater.medium.com/all-about-android-pentesting-f047b7c7e0f1
https://xcheater.medium.com/all-about-android-pentesting-f047b7c7e0f1
Medium
All About Android Pentesting: A Complete Methodology
Complete Android application security testing guide: Static & dynamic testing, root detection bypass, SSL pinning, and common vuln…
👍14❤10🔥6🎃1
Cybercrime group GoldFactory: Distributed at least 27 legitimate banking apps injected with malicious code, targeting users in Indonesia, Vietnam, and Thailand
https://www.group-ib.com/blog/turning-apps-into-gold/
https://www.group-ib.com/blog/turning-apps-into-gold/
Group-IB
Hook for Gold: Inside GoldFactory's Сampaign That Turns Apps Into Goldmines
A deep dive into GoldFactory’s evolving mobile fraud campaigns across APAC, including modified banking apps, new malware variants such as Gigaflower, shared criminal infrastructure, and insights from the Group-IB Fraud Matrix, with recommendations for organizations…
🌚8👍2
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
CYFIRMA
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases - CYFIRMA
EXECUTIVE SUMMARY At Cyfirma, we are committed to providing up-to-date insights into current threats and the tactics used by malicious...
👍8❤1
Mobile Forensics: Extracting Data from WhatsApp on already rooted device or with using Cellebrite to gain elevated privileges
https://hackers-arise.com/mobile-forensics-extracting-data-from-whatsapp/
https://hackers-arise.com/mobile-forensics-extracting-data-from-whatsapp/
❤8👍5
Return of ClayRat: Expanded Features and Techniques
https://zimperium.com/blog/return-of-clayrat-expanded-features-and-techniques
https://zimperium.com/blog/return-of-clayrat-expanded-features-and-techniques
Zimperium
Return of ClayRat: Expanded Features and Techniques
true
👍9🎃1
New FvncBot Android banking trojan targets Poland
https://www.intel471.com/blog/new-fvncbot-android-banking-trojan-targets-poland
https://www.intel471.com/blog/new-fvncbot-android-banking-trojan-targets-poland
👍7❤1🎃1
Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers
PoC: https://github.com/Cfomodz/whatsmap
Paper: https://arxiv.org/html/2411.11194v4
PoC: https://github.com/Cfomodz/whatsmap
Paper: https://arxiv.org/html/2411.11194v4
GitHub
GitHub - Cfomodz/whatsmap: Maps WhatsApp via API
Maps WhatsApp via API. Contribute to Cfomodz/whatsmap development by creating an account on GitHub.
❤15🔥5👍3
New Android In-Call Scam Protection Pauses Calls for 30 Seconds When Using Financial Apps
https://security.googleblog.com/2025/12/android-expands-pilot-in-call-scam-protection-financial-apps.html
https://security.googleblog.com/2025/12/android-expands-pilot-in-call-scam-protection-financial-apps.html
Google Online Security Blog
Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead Android uses the best of Goo...
👍8🌚3🤣3🔥1
How Ads Infect Phones Without a Click by Intellexa
https://securitylab.amnesty.org/latest/2025/12/intellexa-leaks-predator-spyware-operations-exposed/
https://www.recordedfuture.com/research/intellexas-global-corporate-web
https://cloud.google.com/blog/topics/threat-intelligence/intellexa-zero-day-exploits-continue
https://securitylab.amnesty.org/latest/2025/12/intellexa-leaks-predator-spyware-operations-exposed/
https://www.recordedfuture.com/research/intellexas-global-corporate-web
https://cloud.google.com/blog/topics/threat-intelligence/intellexa-zero-day-exploits-continue
Amnesty International Security Lab
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
Drawing on leaked internal company documents, sales and marketing material, as well as training videos, the “Intellexa Leaks” investigation gives a never-before-seen glimpse of the internal operations of a mercenary spyware company focused on exploiting vulnerabilities…
❤11👍4⚡3
FuzzMe - MobileHackingLab CTF Challenge WriteUp
https://hackmd.io/@sal/fuzzme-mobilehackinglab-ctf-writeup
https://hackmd.io/@sal/fuzzme-mobilehackinglab-ctf-writeup
HackMD
FuzzMe - MobileHackingLab CTF Challenge WriteUp - HackMD
FuzzMe - MobileHackingLabs CTF Challenge WriteUp
👍13
Inside BTMOB: An Analytical Breakdown of a Leaked Android RAT Ecosystem
https://www.d3lab.net/inside-btmob-an-analytical-breakdown-of-a-leaked-android-rat-ecosystem/
https://www.d3lab.net/inside-btmob-an-analytical-breakdown-of-a-leaked-android-rat-ecosystem/
D3Lab
Inside BTMOB: An Analytical Breakdown of a Leaked Android RAT Ecosystem
This article provides an inside look into the leaked BTMOB ecosystem, a highly capable Android RAT marketed to cybercriminals as a commercial surveillance platform. By examining the leaked development files, server components, and operator tools, we uncover…
❤9👍7🔥2🌚1
DroidLock Hijacks Your Device
https://zimperium.com/blog/total-takeover-droidlock-hijacks-your-device
https://zimperium.com/blog/total-takeover-droidlock-hijacks-your-device
Zimperium
Total Takeover: DroidLock Hijacks Your Device
true
🌚9❤4👍2
Google Project Zero breaks down a 0-click Android exploit that hijacked Samsung phones via a malicious DNG image—originally flagged by Unit 42.
Patched in April 2025 (CVE-2025-21042)
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
Patched in April 2025 (CVE-2025-21042)
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
Blogspot
A look at an Android ITW DNG exploit
Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were ...
❤21👍3
Security flaws in Freedom Chat app exposed users' phone numbers and PINs
https://ericdaigle.ca/posts/super-secure-maga-messaging-app-leaks-everyones-phone-number/
https://ericdaigle.ca/posts/super-secure-maga-messaging-app-leaks-everyones-phone-number/
⚡7👍3❤1
ipsw: command-line framework for Apple firmware analysis and interact with iOS devices
https://github.com/blacktop/ipsw
https://github.com/blacktop/ipsw
GitHub
GitHub - blacktop/ipsw: iOS/macOS Research Swiss Army Knife
iOS/macOS Research Swiss Army Knife. Contribute to blacktop/ipsw development by creating an account on GitHub.
🎃6👍3👾1