Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Rooting an Android Emulator for Mobile Security Testing
https://8ksec.io/rooting-an-android-emulator-for-mobile-security-testing/
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation
https://www.cleafy.com/cleafy-labs/supercardx-exposing-chinese-speaker-maas-for-nfc-relay-fraud-operation?s=03
Android spyware trojan targets Russian military personnel who use Alpine Quest mapping software
https://news.drweb.com/show/?i=15006&lng=en&c=5
B(l)utter: Flutter Mobile Application Reverse Engineering Tool
https://github.com/worawit/blutter
Magisk for Mobile Pentesting: Rooting Android Devices and Building Custom Modules
Part 1: https://medium.com/@justmobilesec/magisk-for-mobile-pentesting-rooting-android-devices-and-building-custom-modules-part-i-3ca7429f1faf
Part 2: https://medium.com/@justmobilesec/magisk-for-mobile-pentesting-rooting-android-devices-and-building-custom-modules-part-ii-22badc498437
Rethinking Emulation for Fu(zzi)n(g) and Profit: Near-Native Rehosting for Embedded ARM Firmware
[Presentation] https://www.youtube.com/watch?v=o_ckTnTQlfs
[Slides] https://github.com/binarly-io/Research_Publications/blob/main/REverse_2025/Near-Native%20Rehosting%20for%20Embedded%20ARM%20Firmware.pdf
Newly Registered Domains Distributing SpyNote Malware
https://dti.domaintools.com/newly-registered-domains-distributing-spynote-malware/
SMS Pumping: How Criminals Turn Your Messaging Service into Their Cash Machine
https://www.group-ib.com/blog/sms-pumping/
BADBAZAAR and MOONSHINE: Technical analysis and mitigations
https://www.ncsc.gov.uk/news/advisory-badbazaar-moonshine-technical-analysis-mitigations
Android Malware Disguised as Government Alerts distributed in India via WhatsApp
https://blogs.quickheal.com/beware-malicious-android-malware-disguised-as-government-alerts/
Salvador Stealer: New Android Malware That Phishes Banking Details & OTPs
https://any.run/cybersecurity-blog/salvador-stealer-malware-analysis/
'Lucid' Phishing Platform Targets iOS and Android Users with SMS Attacks
https://catalyst.prodaft.com/public/report/lucid/overview
Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices
PJobRAT makes a comeback, takes another crack at chat apps
https://news.sophos.com/en-us/2025/03/27/pjobrat-makes-a-comeback-takes-another-crack-at-chat-apps/
A Blueprint of Android Activity Lifecycle
https://8ksec.io/a-blueprint-of-android-activity-lifecycle/
CVE-2024-53104 proof of concept: Privilege escalation security flaw in the Android Kernel's USB Video Class driver that allows authenticated local threat actors to elevate privileges in low-complexity attacks
https://github.com/zhuowei/facedancer/blob/rawgadget2/examples/camera.py#L15
Everyone knows your location: tracking myself down through in-app ads
Part 1: https://timsh.org/tracking-myself-down-through-in-app-ads/
Part 2: https://timsh.org/everyone-knows-your-location-part-2-try-it-yourself/
Plus a guide that helps to collect, analyze and visualize requests sent by a mobile device while using some app: https://github.com/tim-sha256/analyse-ad-traffic
SpyMax Variant Targeting Chinese-Speaking Users
https://threatmon.io/spymax-variant-targeting-chinese-speaking-users/
Intercepting HTTPS Communication in Flutter: Going Full Hardcore Mode with Frida
https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/
Shibai: Trojanized version of WhatsApp that comes preinstalled on some low-cost Android phones. Altered using LSPatch, it replaces cryptocurrency addresses in messages and redirects update URLs to retain control
https://news.drweb.com/show/?lng=en&i=15002&c=5
Android Kernel Adventures: Insights into Compilation, Customization and Application Analysis
https://revflash.medium.com/android-kernel-adventures-insights-into-compilation-customization-and-application-analysis-d20af6f2080a
A Random and Simple Tip: Advanced Analysis of JNI Methods Using Frida
https://revflash.medium.com/a-random-and-simple-tip-advanced-analysis-of-jni-methods-using-frida-8b948ffcc8f5
Overview of the PlayPraetor Masquerading Party Variants
https://www.ctm360.com/reports/play-masquerading-party-report
BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actors
https://www.ncsc.gov.uk/news/advisory-badbazaar-moonshine
[pdf] DVa: Extracting Victims and Abuse Vectors from Android Accessibility Malware
https://www.usenix.org/system/files/sec24summer-prepub-136-xu-haichuan.pdf
Detailed Analysis of DocSwap Malware Disguised as Security Document Viewer operated by Kimsuky APT
https://medium.com/s2wblog/detailed-analysis-of-docswap-malware-disguised-as-security-document-viewer-218a728c36ff
TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications
https://cyble.com/blog/tsarbot-using-overlay-attacks-targeting-bfsi-sector/
Feberis Pro: I have tested a new 4-in-1 Expansion Board for Flipper Zero
https://www.mobile-hacker.com/2025/03/31/feberis-pro-the-ultimate-4-in-1-expansion-board-for-flipper-zero/
APT36 Mimics India Post Website to Spread Malware to Windows and Android Users
https://www.cyfirma.com/research/turning-aid-into-attack-exploitation-of-pakistans-youth-laptop-scheme-to-target-india/
New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI (new Xamarin)
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui/