Zero-Click RCE Exploit for the Peloton Bike (And Also Every Other Unpatched Android Device)
https://www.nowsecure.com/blog/2022/02/09/a-zero-click-rce-exploit-for-the-peloton-bike-and-also-every-other-unpatched-android-device/

SIM Hijacking
https://sensepost.com/blog/2022/sim-hijacking/

Google awarded $8.7 million to 696 security researchers in 2021

Highest reward - $157,000 by discovering critical exploitation chain in Android (CVE-2021-39698)

- $3 million went to Android vulnerabilities
- $3.3 million went to Chrome browser bugs
- $0.5 million went to Google Play Store vulnerabilities
- $0.313 million went to Google Cloud bugs.
https://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html

apkingo - get detailed information about apk files

I retrieves: package name, target SDK, permissions, metadata, certificate serial and issuer, info from Google Play Store and detect if it is malicious using Koodous
https://github.com/andpalmier/apkingo

How to Bypass Jailbreak Detection On iOS Apps & Games (iOS 11 - iOS 14)
https://idevicecentral.com/jailbreak-guide/how-to-bypass-jailbreak-detection-on-ios-applications-and-games-ios-11-ios-14/

WiFi Zero Click RCE Trigger PoC CVE-2021-1965
https://github.com/parsdefense/CVE-2021-1965

Collection of Android (Samsung) Security Related Resources https://github.com/NetKingJ/android-security-awesome

SMS PVA Services' Use of Infected Android Phones Reveals Flaws in SMS Verification
https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html

Mobile malware evolution 2021 by Kaspersky
https://securelist.com/mobile-malware-evolution-2021/105876/

Xenomorph: A newly hatched Banking Trojan
https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html

Xenomorph - new Android Banker - here is a quick video how smoothly it creates malicious overlay once targeted app (PayPal, Binance, Coinbase etc.) are launched by victim
https://youtu.be/7-yT65lVBf8

Writeup for an iOS 15 exploit that can achieve kernel

Impact: A malicious application may be able to execute arbitrary code with kernel privileges (CVE-2021-30955)
https://www.cyberkl.com/cvelist/cvedetail/24

Directory traversal vulnerability discovered in Android Slack lead to disclosure of auth tokens https://hackerone.com/reports/1378889

Intercepting Android Emulator SSL traffic with burp using magisk
https://infosecwriteups.com/intercepting-android-emulator-ssl-traffic-with-burp-using-magisk-bc948dca68f9

How to execute running Java code directly on Android (without creating an APK)
Part 1: https://raccoon.onyxbits.de/blog/run-java-app-android/
Part 2: https://raccoon.onyxbits.de/blog/programmatically-talking-to-the-android-system-adb-shell/

FireFox extension for generating Frida snippet scripts from official Android developer documentation

Right click on function names (public methods section) or fields and it will automatically copy generated Frida snippet
https://github.com/eybisi/android-developer-frida (no overload support for now)

PoC for CVE-2021-30955 has been publicly released affecting iOS 15.2
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
https://gist.github.com/jakeajames/37f72c58c775bfbdda3aa9575149a8aa

Bug found in Zenly - Social-Media App with 50M+ installs - Allowed Account Takeover
https://checkmarx.com/blog/zenly-fixes-user-data-exposure-and-account-takeover-risks/

Smali2Frida - generate Frida Hooks from .smali files
https://github.com/apkunpacker/Smali2Frida

Another iOS 15.1 kernel exploit PoC for CVE-2021-30955
https://github.com/b1n4r1b01/desc_race

Android TeaBot banking malware with 10K+ installs is still available on Google Play Store

QR Code downloads main.apk that drops payload and targets over 400 apps
https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe