Mobile Security Penetration Testing List
https://hackersonlineclub.com/mobile-security-penetration-testing/

Be careful when using shared devices

In-room tablets, phones in hotels, ordering tables in restaurants....

On some of them you can install TeamViewer to monitor all the activity.
https://twitter.com/JulienEhrhart/status/1160533140047351808?s=19

Canon DSLR Camera can get infected with Ransomware over the air
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/

The Remote, Interaction-less Attack Surface of the iPhone

Slides from BlackHat about RCEs in iPhone
http://i.blackhat.com/USA-19/Wednesday/us-19-Silvanovich-Look-No-Hands-The-Remote-Interactionless-Attack-Surface-Of-The-iPhone.pdf

History of the worst Android app ever: mAadhaar
Slides: https://github.com/fs0c131y/ConPresentations/blob/master/AppSecVillageDefcon27.mAadhaar.pdf
Presentation: https://youtu.be/1dnyV2Gd48A

Cerberus - A new banking Trojan from the underworld
https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html

Intercepting traffic from Android Flutter applications
https://blog.nviso.be/2019/08/13/intercepting-traffic-from-android-flutter-applications/

Bypass of biometrics security functionality is possible in Android application (com.shopify.mobile)
https://hackerone.com/reports/637194

85 Adware Apps Found on Google Play Installed Over 8,000,000 Times
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-posing-as-85-photography-and-gaming-apps-on-google-play-installed-over-8-million-times/

Cerberus - new Android Banking Trojan is active

-spreads via fake website as Adobe Flash Player
-video demo of its installation and stealing credentials from PayPal
https://twitter.com/ESETresearch/status/1162315627052306432

Google Play now reviews all apps for at least three days for security reasons

✅ less harmful apps on Play Store
❌ security app updates could be delayed by 3 days
https://t.co/9gAnukJNFW

Bypassing Certificate Pinning by repackaging Android app
https://blog.approov.io/bypassing-certificate-pinning

Threat evolution Q2 2019 by Kaspersky

Top 10 mobile malware in Q2 2019:
1. DangerousObject.Multi.Generic
2. Trojan.AndroidOS.Boogr.gsh
3. DangerousObject.AndroidOS.GenericML
4. Trojan.AndroidOS.Hiddapp.cr
5. Trojan.AndroidOS.Hiddapp.ch
6. Trojan.AndroidOS.Hiddapp.cf
7. Trojan.AndroidOS.Hiddad.em
8. Trojan-Dropper.AndroidOS.Lezok.p
9. Trojan-Dropper.AndroidOS.Hqwar.bb
10.Trojan-Banker.AndroidOS.Asacub.a
https://securelist.com/it-threat-evolution-q2-2019-statistics/92053/

Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers.

Vulnerability was fixed in iOS 12.3 but Apple "unfixed" in iOS 12.4
https://www.vice.com/amp/en_us/article/qvgp77/hacker-releases-first-public-iphone-jailbreak-in-years

27 apps found on Google Play that prompt to install fake Google Play Store (Adware).
These app reached over 6,000 installs.
https://blogs.quickheal.com/alert-27-apps-found-google-play-store-prompt-install-fake-google-play-store/

Facebook Bug Bounty: Reading WhatsApp contacts list without unlocking the device
https://medium.com/@ar_arvind/facebook-bug-bounty-reading-whatsapp-contacts-list-without-unlocking-the-device-a40e9c660a42

Introducing new #Android #malware analysis platform!
Upload APK, detect malware and grab its configuration.
Currently open for trusted researchers only.
https://www.apkdetect.com/

Microsoft Patches Vulnerable Android Remote Desktop App
https://www.bleepingcomputer.com/news/security/microsoft-patches-vulnerable-android-remote-desktop-app/

First known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play – twice
https://www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/