Six new HiddenAd Trojans found on Google Play with 280,000+ downloads. If you have them installed, remove them. https://t.co/fB1CCttfIZ

Fake VPN app found on Google Play can download and install additional apps.
https://twitter.com/m0br3v/status/1166680295023812609?s=19

Two adware apps found on Google Play with over 1.5 million installs.
https://www.symantec.com/blogs/threat-intelligence/stealthy-ad-clicking-apps-google-play

Google adds all Android apps with +100m installs to its bug bounty program
https://www.zdnet.com/article/google-adds-all-android-apps-with-100m-installs-to-its-bug-bounty-program/

Russian police take down malware gang that infected 800,000+ Android smartphones
They rented Hqwar, Asacub (Honli), Cron, CatsElite (MarsElite), Lokibot and modernized Marcher (Rahunok). 
https://www.zdnet.com/article/russian-police-take-down-malware-gang-that-infected-800000-android-smartphones/

Brazilian Android RAT distributed by over 20 apps via Google Play mostly as WhatsApp update exploiting WhatsApp's CVE-2019-3568.
One of the apps had 10,000+ installs.
https://securelist.com/spying-android-rat-from-brazil-brata/92775/

A very deep dive into iOS Exploit chains found in the wild
Waterhole attacks - get your iPhone hacked only by visiting hacked website.
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html

How to Extract and Decrypt Signal Conversation History from the iPhone
https://blog.elcomsoft.com/2019/08/how-to-extract-and-decrypt-signal-conversation-history-from-the-iphone/

ARES ADB IOT Botnet Targeting Android Devices especially STBs/ TVs
https://www.wootcloud.com/blogs/ars_botnet.html

Facebook Android app scans system libraries from their user’s phone in the background and uploads them to their server...without user's permission
https://twitter.com/wongmjane/status/1167463054709334017?s=19

Analysis and Reproduction of iOS/OSX Vulnerability: CVE-2019-7286

▪️CVE-2019-7286 was exploited in the wild
▪️The vulnerability seems to be of critical severity
▪️Vulnerability reproduced (includes POC code)
▪️The vulnerability could be used to escalate privileges to root as part of a chain for jailbreak on iOS 12.1.3.
https://blog.zecops.com/vulnerabilities/analysis-and-reproduction-of-cve-2019-7286/

Global Rankings in Updating Smartphone Software and Security (besides Pixel)

1) Nokia
2) Samsung
3) Xiaomi
4) Huawei
5) Lenovo
https://www.counterpointresearch.com/nokia-leads-global-rankings-updating-smartphone-software-security/

Roaming Mantis(MoqHao/XLoader): spreads via SMShing

Distribution:
Infected Android device sends a SMS with a bit.ly link that links to a Tumblr blog that redirects to a malicous landing page.
https://hitcon.org/2019/CMT/slide-files/d2_s1_r1.pdf

Review of harmful apps found on Google Play in August 2019

Summary: 204 apps with over 438,400,00 installs.
https://lukasstefanko.com/2019/09/android-security-monthly-recap-8.html

Top Android malware threats in August, 2019
Full list http://skptr.me/malware_timeline_2019.html
Download samples https://github.com/sk3ptre/AndroidMalware_2019

Fake cryptocurrency exchange app found on Google Play that bypasses SMS 2FA by stealing SMS notifications.
Targets users of 6 different cryptocurrency exchanges. https://twitter.com/ESETresearch/status/1168850608872460288

Price For Mobile Exploits

For the first time Zerodium pays more for Android then iOS.
https://zerodium.com/program.html#changelog

Heap Exploit Development – Case study from an in-the-wild iOS 0-day
https://azeria-labs.com/heap-exploit-development-part-1/

Weekly tests of APK files uploaded on Virus Total based on Antivirus engines

Results:
1. K7GW
2. ESET-NOD32
3. Trustlook
4. Avira
5. AhnLab-V3
https://blog.trustlook.com/virustotal-apk-malware-detection-data-20190826-20190901/

HiddenAd adware with 50,000+ installs found on Google Play
https://twitter.com/ReBensk/status/1169127907958112256

Android banking Trojan - Hydra - found on Google Play with 10,000+ installs
https://twitter.com/0xabc0/status/1169186569615532032