Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Qwizzserial malware steals banking information and intercepts 2FA SMS targeting Uzbekistan
https://www.group-ib.com/blog/rise-of-qwizzserial/
Bluetooth gap turns headphones into listening stations
CVE-2025-20700: Missing Authentication for GATT Services
CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR
CVE-2025-20702: Critical Capabilities of a Custom Protocol
https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
How to debug binaries using GDB in Android within Termux
https://ad2001.com/blog/gdb-inside-device
Reverse Engineering the Android Malware Targeting CBE Users
https://www.linkedin.com/pulse/reverse-engineering-new-android-malware-targeting-ukfie/
SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play
https://securelist.com/sparkkitty-ios-android-malware/116793/
Fake Play and Allegro Apps - a threat to Android users by Crocodilus banker
https://www.sirt.pl/falszywe-aplikacje-play-i-allegro-zagrozenie-dla-uzytkownikow-androida/
Malicious Loan App Removed from iOS and Google Play App Store Posed Severe Risks to Users
https://blog.checkpoint.com/research/malicious-loan-app-removed-from-ios-and-google-play-app-store-posed-severe-risks-to-users/v
How to fix Metasploit in Stryker
Metasploit stuck on init? Yoro from the Stryker community shared a script to fix it
script: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
Ghidra Is Best: Android Reverse Engineering
https://remyhax.xyz/posts/android-with-ghidra/
First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted via iMessage zero-click exploit (CVE-2025-43200)
https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/
Can your phone be tracked without installing any malicious app?
Yes. In my post, I'll show how a simple link can reveal your smartphone’s location, demonstrate what a targeted user sees, how easy it is to set it up and how to prevent it
https://www.mobile-hacker.com/2025/06/10/seeker-how-a-simple-link-can-reveal-your-smartphones-location/
Locating Smartphones Using Seeker: How a Simple Link Can Reveal Your Smartphone’s Location
https://www.mobile-hacker.com/2025/06/10/seeker-how-a-simple-link-can-reveal-your-smartphones-location/
Android lock screen data leak (Awarded $500)
Due to a lock screen race, it's possible to leak interactive app contents, since app launches show on the lock screen temporarily
https://ndevtk.github.io/writeups/2025/06/06/android-leak/
Android In-The-Wild: Unexpectedly Excavating a Kernel Exploit
https://www.youtube.com/watch?v=lnK1iACJ3-c
Transform Your Old Smartphone into a Pocket Cyberdeck with Kali NetHunter
Tutorial on how to 3D-print a minimalist palmtop-style case for the Google Pixel 3 XL and install NetHunter on it with a custom kernel
https://www.mobile-hacker.com/2025/06/06/transform-your-old-smartphone-into-a-pocket-cyberdeck-with-kali-nethunter/
The Ullu app (Web, Android, iOS) parental PIN protection can be bypassed via brute force techniques (CVE-2025-45083)
https://pastebin.com/mFM1a3CP
A Tale of Breaking Android Decompilers and Unpackers
https://ad2001.com/blog/The%20Tale%20of%20Breaking%20Android%20Decompilers
Insecure Local Storage of Sensitive Payment and User Data on external storage by Airtel Android App (com.myairtelapp) (CVE-2025-5154)
https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data
FileFix – New Alternative to ClickFix Attack
https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/
SpyMax – A Fake Wedding Invitation App Targeting Indian Mobile Users
https://labs.k7computing.com/index.php/spymax-a-fake-wedding-invitation-app-targeting-indian-mobile-users/
Your Mobile App, Their Playground: The Dark side of the Virtualization by GodFather malware
https://zimperium.com/blog/your-mobile-app-their-playground-the-dark-side-of-the-virtualization
Exploiting Unsanitized URL Handling and SQL Injection through Deep Links in iOS App: Write-up of Flipcoin Lab
https://infosecwriteups.com/exploiting-unsanitized-url-handling-sql-injection-via-deep-links-in-ios-app-write-up-of-flipcoin-066899b09fc2
How to use ADB & fastboot in Termux without root
You can use a non-rooted Android to unlock a bootloader, run ADB commands, remove bloatware, flash a ROM, or even root another Android
https://www.mobile-hacker.com/2025/06/16/how-to-run-adb-and-fastboot-on-a-non-rooted-android-smartphone-using-termux/
The Stryker app is now FREE!
Packed with tools for Wi-Fi auditing, network scanning, and more — all from your Android device
👉I tested all of its features: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit
Stryker - Android pentesting app with premium access now free until 2050!
Scan networks, launch exploits, and test web apps—all from your phone
Bonus: includes a list of suggested WiFi adapters and SimpleUSB tool for identifying USB devices on the go
https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
Bruteforcing the phone number of any Google user
https://brutecat.com/articles/leaking-google-phones
Over 20 Crypto Phishing Applications Found on the Play Store Stealing Mnemonic Phrases
https://cyble.com/blog/crypto-phishing-applications-on-the-play-store/
BrutDroid — Android Security Toolkit that automates tedious emulator setup with one command (emulator, Magisk, Frida, Burp certificates, etc.)
https://github.com/Brut-Security/BrutDroid/
DroidGround: Elevate your Android CTF Challenges
https://thelicato.medium.com/droidground-elevate-your-android-ctf-challenges-69a5c479965e
Android Spyware Alert! Fake government app targeting Android users in India!
https://labs.k7computing.com/index.php/android-spyware-alert-fake-government-app-targeting-android-users-in-india/