Combatting Cybercrime against Mobile Devices
This paper examines cybercrime against consumer mobile devices and their users in the UK
https://www.rusi.org/explore-our-research/publications/insights-papers/combatting-cybercrime-against-mobile-devices
This paper examines cybercrime against consumer mobile devices and their users in the UK
https://www.rusi.org/explore-our-research/publications/insights-papers/combatting-cybercrime-against-mobile-devices
www.rusi.org
Combatting Cybercrime against Mobile Devices
Joseph Jarnecki outlines the highest priority cyberthreats against consumer mobile devices and considers potential strategies to mitigate and address the threat.
👍11⚡2🤣1
Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets
https://www.cleafy.com/cleafy-labs/albiriox-rat-mobile-malware-targeting-global-finance-and-crypto-wallets
https://www.cleafy.com/cleafy-labs/albiriox-rat-mobile-malware-targeting-global-finance-and-crypto-wallets
Cleafy
Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets | Cleafy Labs
Albiriox is a newly identified Android malware family offered as a Malware-as-a-Service, and enabling TAs to perform On-Device Fraud through remote control, screen manipulation, and real-time interaction with the infected device. Read more in this report.
👍11❤2🤮1🌚1
IPAtool - command line tool that allows you to search and download iOS apps from the App Store, known as an ipa file
https://github.com/majd/ipatool
https://github.com/majd/ipatool
GitHub
GitHub - majd/ipatool: Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App…
Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store - majd/ipatool
❤16👍6🎃2
Charging cable that hacks your device
Once plugged in, it can:
-detect OS,
-inject keystrokes,
-controlled over Wi-Fi,
-create remote shell access without network connection of target
https://www.mobile-hacker.com/2025/12/01/plug-play-pwn-hacking-with-evil-crow-cable-wind/
Once plugged in, it can:
-detect OS,
-inject keystrokes,
-controlled over Wi-Fi,
-create remote shell access without network connection of target
https://www.mobile-hacker.com/2025/12/01/plug-play-pwn-hacking-with-evil-crow-cable-wind/
Mobile Hacker
Plug, Play, Pwn: Hacking with Evil Crow Cable Wind
It’s a tiny hacking implant hidden inside a cable. Plug it into a computer, and it pretends to be a keyboard. Then it starts typing — fast. We’re talking up to 1,000 keystrokes per minute, all automated.
👍24🔥8😭8❤4🎃3
Reverse engineering Bluetooth on Amazon Kindle eReaders
https://sighery.com/posts/reverse-engineering-bluetooth-on-kindle-ereaders/
https://sighery.com/posts/reverse-engineering-bluetooth-on-kindle-ereaders/
Sighery
Reverse engineering Bluetooth on Amazon Kindle eReaders
A journey of learning C and reverse engineering to be more efficiently lazy
👍12🔥3🌚1
[Beginners] All About Android Pentesting: A Complete Methodology
https://xcheater.medium.com/all-about-android-pentesting-f047b7c7e0f1
https://xcheater.medium.com/all-about-android-pentesting-f047b7c7e0f1
Medium
All About Android Pentesting: A Complete Methodology
Complete Android application security testing guide: Static & dynamic testing, root detection bypass, SSL pinning, and common vuln…
👍14❤10🔥6🎃1
Cybercrime group GoldFactory: Distributed at least 27 legitimate banking apps injected with malicious code, targeting users in Indonesia, Vietnam, and Thailand
https://www.group-ib.com/blog/turning-apps-into-gold/
https://www.group-ib.com/blog/turning-apps-into-gold/
Group-IB
Hook for Gold: Inside GoldFactory's Сampaign That Turns Apps Into Goldmines
A deep dive into GoldFactory’s evolving mobile fraud campaigns across APAC, including modified banking apps, new malware variants such as Gigaflower, shared criminal infrastructure, and insights from the Group-IB Fraud Matrix, with recommendations for organizations…
🌚8👍2
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
CYFIRMA
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases - CYFIRMA
EXECUTIVE SUMMARY At Cyfirma, we are committed to providing up-to-date insights into current threats and the tactics used by malicious...
👍8❤1
Mobile Forensics: Extracting Data from WhatsApp on already rooted device or with using Cellebrite to gain elevated privileges
https://hackers-arise.com/mobile-forensics-extracting-data-from-whatsapp/
https://hackers-arise.com/mobile-forensics-extracting-data-from-whatsapp/
❤8👍5
Return of ClayRat: Expanded Features and Techniques
https://zimperium.com/blog/return-of-clayrat-expanded-features-and-techniques
https://zimperium.com/blog/return-of-clayrat-expanded-features-and-techniques
Zimperium
Return of ClayRat: Expanded Features and Techniques
true
👍9🎃1
New FvncBot Android banking trojan targets Poland
https://www.intel471.com/blog/new-fvncbot-android-banking-trojan-targets-poland
https://www.intel471.com/blog/new-fvncbot-android-banking-trojan-targets-poland
👍7❤1🎃1
Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers
PoC: https://github.com/Cfomodz/whatsmap
Paper: https://arxiv.org/html/2411.11194v4
PoC: https://github.com/Cfomodz/whatsmap
Paper: https://arxiv.org/html/2411.11194v4
GitHub
GitHub - Cfomodz/whatsmap: Maps WhatsApp via API
Maps WhatsApp via API. Contribute to Cfomodz/whatsmap development by creating an account on GitHub.
❤15🔥5👍3
New Android In-Call Scam Protection Pauses Calls for 30 Seconds When Using Financial Apps
https://security.googleblog.com/2025/12/android-expands-pilot-in-call-scam-protection-financial-apps.html
https://security.googleblog.com/2025/12/android-expands-pilot-in-call-scam-protection-financial-apps.html
Google Online Security Blog
Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead Android uses the best of Goo...
👍8🌚3🤣3🔥1
How Ads Infect Phones Without a Click by Intellexa
https://securitylab.amnesty.org/latest/2025/12/intellexa-leaks-predator-spyware-operations-exposed/
https://www.recordedfuture.com/research/intellexas-global-corporate-web
https://cloud.google.com/blog/topics/threat-intelligence/intellexa-zero-day-exploits-continue
https://securitylab.amnesty.org/latest/2025/12/intellexa-leaks-predator-spyware-operations-exposed/
https://www.recordedfuture.com/research/intellexas-global-corporate-web
https://cloud.google.com/blog/topics/threat-intelligence/intellexa-zero-day-exploits-continue
Amnesty International Security Lab
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
Drawing on leaked internal company documents, sales and marketing material, as well as training videos, the “Intellexa Leaks” investigation gives a never-before-seen glimpse of the internal operations of a mercenary spyware company focused on exploiting vulnerabilities…
❤11👍4⚡3
FuzzMe - MobileHackingLab CTF Challenge WriteUp
https://hackmd.io/@sal/fuzzme-mobilehackinglab-ctf-writeup
https://hackmd.io/@sal/fuzzme-mobilehackinglab-ctf-writeup
HackMD
FuzzMe - MobileHackingLab CTF Challenge WriteUp - HackMD
FuzzMe - MobileHackingLabs CTF Challenge WriteUp
👍13
Inside BTMOB: An Analytical Breakdown of a Leaked Android RAT Ecosystem
https://www.d3lab.net/inside-btmob-an-analytical-breakdown-of-a-leaked-android-rat-ecosystem/
https://www.d3lab.net/inside-btmob-an-analytical-breakdown-of-a-leaked-android-rat-ecosystem/
D3Lab
Inside BTMOB: An Analytical Breakdown of a Leaked Android RAT Ecosystem
This article provides an inside look into the leaked BTMOB ecosystem, a highly capable Android RAT marketed to cybercriminals as a commercial surveillance platform. By examining the leaked development files, server components, and operator tools, we uncover…
❤9👍7🔥2🌚1
DroidLock Hijacks Your Device
https://zimperium.com/blog/total-takeover-droidlock-hijacks-your-device
https://zimperium.com/blog/total-takeover-droidlock-hijacks-your-device
Zimperium
Total Takeover: DroidLock Hijacks Your Device
true
🌚9❤4👍2
Google Project Zero breaks down a 0-click Android exploit that hijacked Samsung phones via a malicious DNG image—originally flagged by Unit 42.
Patched in April 2025 (CVE-2025-21042)
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
Patched in April 2025 (CVE-2025-21042)
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
Blogspot
A look at an Android ITW DNG exploit
Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were ...
❤21👍3
Security flaws in Freedom Chat app exposed users' phone numbers and PINs
https://ericdaigle.ca/posts/super-secure-maga-messaging-app-leaks-everyones-phone-number/
https://ericdaigle.ca/posts/super-secure-maga-messaging-app-leaks-everyones-phone-number/
⚡7👍3❤1
ipsw: command-line framework for Apple firmware analysis and interact with iOS devices
https://github.com/blacktop/ipsw
https://github.com/blacktop/ipsw
GitHub
GitHub - blacktop/ipsw: iOS/macOS Research Swiss Army Knife
iOS/macOS Research Swiss Army Knife. Contribute to blacktop/ipsw development by creating an account on GitHub.
🎃6👍3👾1
Frogblight: New Android banker targets Turkish users
https://securelist.com/frogblight-banker/118440/
https://securelist.com/frogblight-banker/118440/
Securelist
Frogblight banking Trojan targets Android users in Turkey
Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being actively developed and may become MaaS in the future.
👍4🌚3❤1