The #RoamingMantis group targets Android and iOS devices (phishing Apple ID) in Europe #FakeCop
https://medium.com/csis-techblog/the-roamingmantis-groups-expansion-to-european-apple-accounts-and-android-devices-e6381723c681

iOS/MacOS wifi proximity kernel double free in AWDL BSS Steering
https://bugs.chromium.org/p/project-zero/issues/detail?id=2012

TikTok Secretly Spying On Clipboard of Millions iPhone Users
https://www.forbes.com/sites/zakdoffman/2020/06/26/warning-apple-suddenly-catches-tiktok-secretly-spying-on-millions-of-iphone-users/amp/

Android malware detection based on image-based features and machine learning techniques
https://link.springer.com/article/10.1007/s42452-020-3132-2

Debugging the Samsung Android Kernel
Part 1: https://blog.pucarasec.com/2020/06/09/debugging-the-samsung-android-kernel-part-1/
Part 2: https://blog.pucarasec.com/2020/06/16/debugging-the-samsung-android-kernel-part-2/
Part 3: https://blog.pucarasec.com/2020/06/23/debugging-the-samsung-android-kernel-part-3/

Android App Source code Extraction and Bypassing Root and SSL Pinning checks

https://vj0shii.github.io/android-app-testing-initial-steps/

SafetyNet’s dreaded hardware attestation is rolling out, making it much harder for Magisk to hide root
https://www.xda-developers.com/safetynet-hardware-attestation-hide-root-magisk/

Android 11

Privacy updates:
•Auto-reset permissions from unused apps!
•Package visibility: can't list installed apps!
•New, clearer permission to obtain user phone number!
•One-time permissions (temp granted permissions)
•Background location access
•Scoped Storage
https://developer.android.com/preview/privacy

Intercept & view all Android HTTP(S)
Mock endpoints or entire servers
Rewrite, redirect, or inject errors
https://httptoolkit.tech/android

Clipboard Toast
An Xposed module that notifies you whenever an app reads your clipboard
https://github.com/ubuntuegor/ClipboardToast

Package visibility in Android 11 #ForDevelopers
https://medium.com/androiddevelopers/package-visibility-in-android-11-cc857f221cd9

Android FakeSpy analysis | Roaming Mantis
https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world

Multiyear Surveillance Campaigns Discovered Targeting Uyghurs | mAPT | SilkBean| DoubleAgent CarbonSteal | GoldenEagle
https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf

Popular Android malware threats - Jun, 2020
Full list: http://skptr.me/malware_timeline_2020.html
Download samples: https://github.com/sk3ptre/AndroidMalware_2020

LinkedIn iOS app is copying the contents every clipboard keystroke. IOS 14 allows users to see each paste notification
https://www.zdnet.com/article/linkedin-says-ios-clipboard-snooping-after-every-key-press-is-a-bug-will-fix/

Android Keylogger Injector demo
Be aware of such techniques when downloading any app, because free tutorial how to create keylogger injector is available on underground forums
https://youtu.be/jpmUUuNUIfo

Insecure iOS Storage - DVIAv2 Part 1

https://philkeeble.com/ios/Insecure-iOS-Storage/

MobOk Malware found on Google Play

Functionality:
-Switching from Wi-Fi to Data Connection
-Subscribing to premium mobile services
-Solving Image-based CAPTCHA using an external image recognition service
-Stealing SMS used for 2FA
-Using the accessibility services to carry-on malicious activities on the screen
https://blog.zimperium.com/zimperium-discovers-mobok-malware-left-undetected-by-mobile-av-industry-for-months/

Police cracked encryption in EncroChat to read messages between drug criminals, hitmen and murder orders
https://www.nytimes.com/2020/07/02/world/europe/encrypted-network-arrests-europe.html

How to use #Frida and #BurpSuite to quickly identify mobile app functionality
https://youtu.be/07K5DZXMvB4

Repairing your smartphone or installing a ROM now will be a crime in Mexico
https://www.xataka.com.mx/legislacion-y-derechos/reparar-tu-smartphone-instalarle-rom-sera-delito-mexico-nueva-ley-que-proteje-candados-digitales-explicada