For more than a year, mobile browsers like Google Chrome, Firefox, and Safari failed to show any phishing warnings to users, according to a research paper published this week.
https://www.zdnet.com/article/mobile-chrome-safari-and-firefox-failed-to-show-phishing-warnings-for-more-than-a-year/

Rather use your charging adapter then USB charging stations.

“Let’s say I’m a bad guy. I go into an airport. I’m not going to easily take apart the charging station but it’s easy to just leave my cord behind. Now, if you see an Apple charging cord, you’re likely to grab it or just plug into it. But inside this cord is an extra chip that deploys the malware, so it charges your phone but now I own your computer.”
https://www.forbes.com/sites/suzannerowankelleher/2019/05/21/why-you-should-never-use-airport-usb-charging-stations/

The DuckDuckGo Privacy Browser application 5.26.0 for Android allows address bar spoofing via a setInterval call
https://www.inputzero.io/2019/05/duckduckgo-address-bar-spoofing.html

How to start with reverse engineering of ARM http://www.giovanni-rocca.com/i-want-to-be-an-arm-reverse-engineer/

Fake Antivirus app found on Google Play
https://blog.trustlook.com/security-app-rreview-lionmobi/

IOS Security - Web View XSS

https://www.allysonomalley.com/2019/05/31/seguridad-de-ios-web-view-xss/

Top Android malware threats - May 2019 http://skptr.me/malware_timeline_2019.html

Lookout has discovered 238 unique applications that include BeiTaPlugin adware with over 440 million installations on Google Play
https://blog.lookout.com/beitaplugin-adware

The idea of the new system is to turn Apple’s existing network of iPhones into a massive crowdsourced location tracking system. Every active iPhone will continuously monitor for BLE beacon messages that might be coming from a lost device. When it picks up one of these signals, the participating phone tags the data with its own current GPS location; then it sends the whole package up to Apple’s servers.
https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/amp/

Don't install these apps, they are still available on Google Play. These apps display unwanted after user unlocks device and hide from home menu.
These apps mostly impersonate Camera/Photo editor applications.
Source: https://twitter.com/LukasStefanko/status/1136568939239137280?s=19

Talk about 10 different Android malware families discovered on Google Play + analysis on Anubis Banking Trojan
https://youtu.be/4oSuv-kXWJI

PHONES INFECTED WITH BACKDOOR TROJAN
Impacted models include the Doogee BL7000, the M-Horse Pure 1, the Keecoo P11, and the VKworld Mix Plus.
https://www.zdnet.com/article/germany-backdoor-found-in-four-smartphone-models-20000-users-infected/

Preinstalled backdoor - Triada - found in Android devices.

Triada infects device system images through a third-party during the production process. Sometimes OEMs want to include features that aren’t part of the Android Open Source Project, such as face unlock. The OEM might partner with a third-party that can develop the desired feature and send the whole system image to that vendor for development.
https://security.googleblog.com/2019/06/pha-family-highlights-triada.html

“Digging Android Applications — Part 1 — Drozer + Burp” by Yasho https://link.medium.com/gVswDFdKlX

Anubis Android Bank Trojan technical analysis and recent activities summary (Chinese)
https://ti.qianxin.com/blog/articles/anubis-android-bank-trojan-technical-analysis-and-recent-activities-summary/

Many unofficial Telegram apps could be remotely controlled
https://link.medium.com/FfLwZsvrnX

Mobile phishing toolkit remotely controlled by an app
https://github.com/UndeadSec/SocialFishMobile

Anubis downloader found on Google Play with 1,000+ installs.
Info: https://twitter.com/0xabc0/status/1137988063244763136?s=19 via @0xabc0

Overview of 4 techniques used by Android malware to detect name of launched app.
+ how developers can protect their apps against one of these technique.
https://eybisi.run/Mobile-Malware-Analysis-Overlay-and-How-to-Counter-it/