Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Safari 1day RCE Exploit
Confirmed exploit works on macOS 13.3.1, iOS 15.8.2.
https://github.com/wh1te4ever/WebKit-Bug-256172/tree/ios-arm64
Analysis of Paragon’s Graphite Spyware Operations misusing WhatsApp Zero-Click exploit
https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/
🚨 Android Threat Hunters, Your Job Just Got Easier!
ANY.RUN has just released a brand-new OS designed for real-time Android threat analysis inside a secure sandbox environment.
Now, businesses and security teams can:
✅ Detect Android threats faster
🔍 Investigate APK behavior in real time
⚡ Speed up incident response
💰 Reduce cybersecurity costs
Best part? It’s available for all plans—even FREE users!
👉 Try now: https://goo.su/GH7WO
Android Banking Trojan – OctoV2, masquerading as Deepseek AI
https://labs.k7computing.com/index.php/android-banking-trojan-octov2-masquerading-as-deepseek-ai/
[analysis] PlayPraetor trojan spreads through fake Play Store pages to steal user data
https://cdn.prod.website-files.com/66fbdb04ee8bb0436308fc15/67c83686e642fa846565699c_CTM360%20Report_%20PlayPraetor%20Trojan%20-%20Clear%20TLP.pdf
EvilLoader: A PoC was published yesterday for an unpatched vulnerability affecting Telegram for Android.
The exploit has been sold on an underground forum since January 2025. ✅ Don't install external players if prompted to by a corrupted video file received on Telegram.
https://www.mobile-hacker.com/2025/03/05/evilloader-unpatched-telegram-for-android-vulnerability-disclosed/
Trigon: developing a deterministic kernel exploit for iOS
https://alfiecg.uk/2025/03/01/Trigon.html
Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally
https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet/
Exploiting the iOS Kernel by Spraying IOSurfaces (part 2)
https://youtu.be/Y-UI4dEFXFk
Android trojan TgToxic updates its capabilities
https://intel471.com/blog/android-trojan-tgtoxic-updates-its-capabilities
Bettercap on Android
60-page guide on how to use bettercap on a mobile device
https://www.mobile-hacker.com/2025/02/21/bettercap-on-android-a-portable-network-security-toolkit/
Introduction to Fuzzing Android Native Components: Strategies for Harness Creation
https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components-strategies-for-harness-creation/
Using capa Rules for Android Malware Detection
https://cloud.google.com/blog/topics/threat-intelligence/capa-rules-android-malware-detection/
BTMOB RAT: Newly Discovered Android Malware Spreading via Phishing Sites
https://cyble.com/blog/btmob-rat-newly-discovered-android-malware/
Exploiting the iOS Kernel by Spraying IOSurfaces
https://youtu.be/Y-UI4dEFXFk?si=6UpFUyABAX7htCWn
Looks like there is demand for a Telegram RCE exploit
https://techcrunch.com/2025/03/21/russian-zero-day-seller-is-offering-up-to-4-million-for-telegram-exploits/
Vapor malware: Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Blog: https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
PDF report: https://go.integralads.com/rs/469-VBI-606/images/AMER_VAPOR_THREAT_REPORT_IAS.pdf
It works! The first real smartwatch with Wi-Fi injection, capturing a WPA2 handshake! Using Kali NetHunter running the Hijacker app on a TicWatch Pro 3 smartwatch. All of that is possible thanks to @yesimxev, one of the NetHunter developers! Video credits to @yesimxev (X)
https://www.instagram.com/reel/DHK8eahN2IZ/
KoSpy: New Android spyware was discovered on the Google Play Store, operated by a North Korean TA and attributed to APT37.
The KoSpy app is still available on alternative app stores.
https://www.lookout.com/threat-intelligence/article/lookout-discovers-new-spyware-by-north-korean-apt37
BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/
Mobile malware evolution in 2024
https://securelist.com/mobile-threat-report-2024/115494/
Cellebrite zero-day exploit used to target phone of Serbian student activist to install Android spyware
https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/
nRootTag: 1.5 Billion iPhones Used for Malicious Tracking
nRootTag vulnerability allows remote tracking through Apple's Find My network using Bluetooth technology
https://securityonline.info/nroottag-1-5-billion-iphones-used-for-malicious-tracking/
How to build a portable Kali box with Raspberry Pi and touchscreen
✅ installation process
✅ install drivers and switch output to touchscreen
✅ allow auto-login
✅ enable SSH as root
✅ set up virtual keyboard
https://www.mobile-hacker.com/2025/02/26/building-a-portable-kali-box-with-raspberry-pi-and-touchscreen/
SpyLend Android malware downloaded 100,000 times from Google Play
https://www.cyfirma.com/research/spylend-the-android-app-available-on-google-play-store-enabling-financial-cyber-crime-extortion/
Qardio Heart Health IOS and Android Application and QardioARM A100
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-044-01
First analysis of Apple's USB Restricted Mode bypass (CVE-2025-24200)
https://blog.quarkslab.com/first-analysis-of-apples-usb-restricted-mode-bypass-cve-2025-24200.html
Network Security Issues in RedNote app
https://citizenlab.ca/2025/02/network-security-issues-in-rednote/
Evil Crow RF: A Portable Radio Frequency Device compatible with Flipper Zero Sub-GHz file format
https://www.mobile-hacker.com/2025/02/11/evil-crow-rf-a-portable-radio-frequency-device/
Unpacking the BADBOX Botnet with Censys
https://censys.com/unpacking-the-badbox-botnet/