Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Intro to Android WebViews and deep links…and how to exploit them
https://djini.ai/intro-to-android-webviews-and-deep-links-and-how-to-exploit-them/
IPATool: command-line tool for downloading iOS apps from the App Store
https://github.com/majd/ipatool
Understanding and Experimenting with Apple's Pointer Authentication Codes (PAC) on iOS
https://blog.reversesociety.co/blog/2026/pointer-authentication-code-for-ios
Inside a Multi-Stage Android Malware Campaign Leveraging RTO-Themed Social Engineering
https://www.seqrite.com/blog/inside-a-multi-stage-android-malware-campaign-leveraging-rto-themed-social-engineering/
Sapsan Terminal: new AI‑powered HID scripting tool that speeds up payload creation and handles the syntax for 15 supported devices (video test)
https://www.mobile-hacker.com/2026/02/03/sapsan-terminal-ai-powered-badusb-script-generator/
Android Game Hacking (Part I)
https://medium.com/@justmobilesec/android-mobile-game-hacking-f428aef8eb98
Analysing a Pegasus 0-click Exploit for iOS
Recreated the "Blastpass" iOS exploit in a faked target process, to understand the heap shaping strategy first-hand
https://youtu.be/0JFcDCW3Sis
Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves
https://arxiv.org/pdf/2510.09272
The Rise of Android Arsink Rat
https://zimperium.com/blog/the-rise-of-arsink-rat
NFCShare (SuperCard X) Android Trojan: NFC card data theft via malicious APK
https://www.d3lab.net/nfcshare-android-trojan-nfc-card-data-theft-via-malicious-apk/
Android and authentication: The Evolution of FIDO Experiences on Android
https://bughunters.google.com/blog/fido
Samsung S23 Ultra: The Ultimate NetHunter Setup (Android 14 Fix)
https://medium.com/@JanCSG/samsung-s23-ultra-the-ultimate-nethunter-setup-31c1105201d9
Firebase APK Security Scanner
Scan Android APKs for Firebase security misconfigurations including open databases, exposed storage buckets, and authentication bypasses
https://github.com/trailofbits/skills/tree/main/plugins/firebase-apk-scanner
Frida-based tool to dump decrypted iOS apps as .ipa from a jailbroken device; supports App Store, sideloaded and system
https://github.com/lautarovculic/frida-ipa-extract
WhisperPair: Hijacking Bluetooth Accessories Using Google Fast Pair
You can also check if your device is vulnerable
https://whisperpair.eu/
How to install OpenClaw on Android and control it via WhatsApp using an automated script
Blog: https://www.mobile-hacker.com/2026/02/11/how-to-install-openclaw-on-an-android-phone-and-control-it-via-whatsapp/
Installer script: https://github.com/androidmalware/OpenClaw_Termux
Android Dynamic Class Dumper — dump all DEX files from running Android apps using Frida
https://github.com/TheQmaks/clsdumper
MobSF has Stored XSS via Manifest Analysis of uploaded APK (CVE-2026-24490)
https://github.com/advisories/GHSA-8hf7-h89p-3pqj
FIRST Ever Online Mobile Hacking Conference
Free, worldwide online event bringing the mobile security community together for sessions on mobile hacking, AI, malware, forensics, live mobile‑focused CTF with prizes!
When: March 3 and 4, 2026
Register here: https://www.mobilehackinglab.com/mobile-hacking-conference-registration
Practical Mobile Traffic Interception
https://medium.com/@justmobilesec/practical-mobile-traffic-interception-1481e33d974e
Deep-C: Android Deep Link misconfiguration detector and exploitation tool
https://github.com/KishorBal/deep-C
Carbonara: The MediaTek exploit nobody served
https://shomy.is-a.dev/blog/article/serving-carbonara
Penumbra is a tool for interacting with Mediatek devices.
It provides flashing and readback capabilities, as well as bootloader unlocking and relocking on vulnerable devices: https://github.com/shomykohai/penumbra
Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery
https://www.bitdefender.com/en-us/blog/labs/android-trojan-campaign-hugging-face-hosting-rat-payload
Disrupting the World's Largest Residential Proxy Network
https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network
Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/
A Frida-based utility for dynamically extracting native (.so) libraries from Android applications
https://github.com/TheQmaks/soSaver
Android.Phantom trojans are bundled with modded games and popular apps to infiltrate smartphones. They use machine learning and video broadcasts to engage in click fraud
https://news.drweb.com/show/?i=15110&lng=en
Analysis of CVE-2025-43529 (WebKit UAF) + CVE-2025-14174 (ANGLE OOB) exploit chain - iOS Safari
https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis
WPair: app for testing Bluetooth WhisperPair vulnerability in Google's Fast Pair protocol (CVE-2025-36911)
https://github.com/zalexdev/wpair-app
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
https://projectzero.google/2026/01/pixel-0-click-part-3.html