Return of ClayRat: Expanded Features and Techniques
https://zimperium.com/blog/return-of-clayrat-expanded-features-and-techniques
Zimperium
New FvncBot Android banking trojan targets Poland
https://www.intel471.com/blog/new-fvncbot-android-banking-trojan-targets-poland
Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers
PoC: https://github.com/Cfomodz/whatsmap
Paper: https://arxiv.org/html/2411.11194v4
GitHub
GitHub - Cfomodz/whatsmap: Maps WhatsApp via API
New Android In-Call Scam Protection Pauses Calls for 30 Seconds When Using Financial Apps
https://security.googleblog.com/2025/12/android-expands-pilot-in-call-scam-protection-financial-apps.html
Google Online Security Blog
Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead Android uses the best of Goo...
How Ads Infect Phones Without a Click by Intellexa
https://securitylab.amnesty.org/latest/2025/12/intellexa-leaks-predator-spyware-operations-exposed/
https://www.recordedfuture.com/research/intellexas-global-corporate-web
https://cloud.google.com/blog/topics/threat-intelligence/intellexa-zero-day-exploits-continue
Amnesty International Security Lab
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
Drawing on leaked internal company documents, sales and marketing material, as well as training videos, the “Intellexa Leaks” investigation gives a never-before-seen glimpse of the internal operations of a mercenary spyware company focused on exploiting vulnerabilities…
FuzzMe - MobileHackingLab CTF Challenge WriteUp
https://hackmd.io/@sal/fuzzme-mobilehackinglab-ctf-writeup
HackMD
Inside BTMOB: An Analytical Breakdown of a Leaked Android RAT Ecosystem
https://www.d3lab.net/inside-btmob-an-analytical-breakdown-of-a-leaked-android-rat-ecosystem/
D3Lab
This article provides an inside look into the leaked BTMOB ecosystem, a highly capable Android RAT marketed to cybercriminals as a commercial surveillance platform. By examining the leaked development files, server components, and operator tools, we uncover…
DroidLock Hijacks Your Device
https://zimperium.com/blog/total-takeover-droidlock-hijacks-your-device
Zimperium
Total Takeover: DroidLock Hijacks Your Device
Google Project Zero breaks down a 0-click Android exploit that hijacked Samsung phones via a malicious DNG image—originally flagged by Unit 42.
Patched in April 2025 (CVE-2025-21042)
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
Blogspot
A look at an Android ITW DNG exploit
Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were ...
Security flaws in Freedom Chat app exposed users' phone numbers and PINs
https://ericdaigle.ca/posts/super-secure-maga-messaging-app-leaks-everyones-phone-number/
ipsw: command-line framework for analyzing Apple firmware and interacting with iOS devices
https://github.com/blacktop/ipsw
GitHub
GitHub - blacktop/ipsw: iOS/macOS Research Swiss Army Knife
Frogblight: New Android banker targets Turkish users
https://securelist.com/frogblight-banker/118440/
Securelist
Frogblight banking Trojan targets Android users in Turkey
Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being actively developed and may become MaaS in the future.
Cellik - A New Android RAT With Play Store Integration
https://iverify.io/blog/meet-cellik---a-new-android-rat-with-play-store-integration
iverify.io
Meet Cellik - A New Android RAT With Play Store Integration
Discover how Cellik Android RAT enables full device surveillance with live screen access, keylogging, app injection, and Play Store APK wrapping.
Kimwolf Botnet Hacked 1.8 Million Android TVs, Launched DDoS Attacks, Proxy
https://blog.xlab.qianxin.com/kimwolf-botnet-en/
奇安信 X 实验室
Kimwolf Exposed: The Massive Android Botnet with 1.8 Million Infected Devices
Background
On October 24, 2025, a trusted partner in the security community provided us with a brand-new botnet sample. The most distinctive feature of this sample was its C2 domain, 14emeliaterracewestroxburyma02132[.]su, which at the time ranked 2nd in…
Kimsuky Distributing Malicious Mobile App via QR Code
https://www.enki.co.kr/en/media-center/blog/kimsuky-distributing-malicious-mobile-app-via-qr-code
www.enki.co.kr
Kimsuky Distributing Malicious Mobile App via QR Code | Enki White Hat
Analysis of CVE-2025-31200, a zero-day, zero-click RCE in iOS. Triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until patched in iOS 18.4.1 (Apr 16, 2025)
https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
GitHub
GitHub - JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201: CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s…
CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalati...
CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC
https://faith2dxy.xyz/2025-12-22/cve_2025_38352_analysis/
PoC: https://github.com/farazsth98/poc-CVE-2025-38352
faith2dxy.xyz
CVE-2025-38352 was a race condition use-after-free vulnerability in the Linux kernel's POSIX CPU timers implementation that was reported to have been under…
A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
https://www.group-ib.com/blog/mobile-malware-uzbekistan/
Group-IB
Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
Group-IB analyzes the evolution of Android malware in Uzbekistan, revealing advanced droppers, encrypted payload delivery, anti-analysis techniques, and Wonderland’s bidirectional SMS-stealing capabilities driving large-scale financial fraud.