DoNot APT Targets Individuals in South Asia using Android Malware
https://www.cyfirma.com/outofband/donot-apt-targets-individuals-in-south-asia-using-android-malware/

DAAM Android Botnet being distributed through Trojanized Applications
https://blog.cyble.com/2023/04/20/daam-android-botnet-being-distributed-through-trojanized-applications/

The Fuzzing Guide to the Galaxy: An Attempt with Android System Services
https://blog.thalium.re/posts/fuzzing-samsung-system-services/

Fakecalls Android Malware Abuses Legitimate Signing Key
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fakecalls-android-malware-abusing-legitimate-signing-key/

HiddenAds Spread via Android Gaming Apps on Google Play
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hiddenads-spread-via-android-gaming-apps-on-google-play/

Google Play Store bad apps and developers review in 2022
-blocked 1.43 million apps to be available on the Store
-banned 173K bad accounts
-prevented 500K submitted apps from unnecessarily accessing sensitive permissions over the past 3 years
-expanded the App Defense Alliance (McAfee, Trend Micro, ESET, Lookout, Zimperium)
https://security.googleblog.com/2023/04/how-we-fought-bad-apps-and-bad-actors.html

Android Deep Link Issues And WebView Exploitation
https://8ksec.io/android-deeplink-and-webview-exploitation-8ksec-blogs/

Android Java code translation into native code to thwart AV detection
Video: https://youtu.be/UcdMx-te2NE
Slides and materials: https://github.com/LaurieWired/AndroidNativeObfuscation_defcon615

BouldSpy (DAAM) - Android Spyware Tied to Iranian Police Targeting Minorities
https://www.lookout.com/blog/iranian-spyware-bouldspy

Smartphones With Qualcomm Chip Secretly Share Private Information With US Chip-Maker
"Smart phones with Qualcomm chip secretly send personal data to Qualcomm. This data is sent without user consent, unencrypted, and even when using a Google-free Android distribution."
https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker

Androset: Automated script to convert and push Burp Suite certificate in Android, and modify Android's IP table to redirect all traffic to Burp Suite
https://github.com/Anof-cyber/Androset

Android TV Boxes: AllWinner H616/H618 & RockChip 3328 Android Malware Analysis & Cleanup
https://github.com/DesktopECHO/T95-H616-Malware

Android greybox fuzzing with AFL++ Frida mode
https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html

Vulnerabilities identified in Amazon Fire TV Stick
1) Local network PIN brute forcing (CVE-2023-1385)
2) Arbitrary Javascript code to execution (CVE-2023-1384)
3) Register services that are only locally accessible (CVE-2023-1383)
https://www.bitdefender.com/files/News/CaseStudies/study/430/Bitdefender-PR-Whitepaper-AMZFr-creat6696-en-EN.pdf

Flutter Hackers: Understand and reverse engineere Flutter APK Release Mode with Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e

Arbitrary code execution discoverd in Android imo-International Calls & Chat with 1B installs up to version 2022.11.1051 (CVE-2022-47757)
A path traversal vulnerability delivered using a deeplink can force the IMO app to write files into its data directory. This allows an attacker to write a library file that the app uses to dynamically load modules
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47757

FluHorse – Newly Discovered Android Malware Disguised as Popular Android Apps Targeting East Asia to steal victim credentials and 2FA codes
https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/