Cellebrite zero-day exploit used to target phone of Serbian student activist to install Android spyware
https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/
Amnesty International Security Lab
Cellebrite zero-day exploit used to target phone of Serbian student activist - Amnesty International Security Lab
Amnesty International's Security Lab uncovers sophisticated Cellebrite zero-day exploit, impacting billions of Android devices.
Trigon: developing a deterministic kernel exploit for iOS
https://alfiecg.uk/2025/03/01/Trigon.html
Alfie CG
Trigon: developing a deterministic kernel exploit for iOS (part 1)
Background Vulnerability Experimentation Arbitrary physical mapping Dynamically finding our mapping base Finding the kernel base A10(X) A11 Non-KTRR devices Virtual kernel read/write Page table panic Brandon Azad's method PV head table (again) IOSurface kernel…
Mobile malware evolution in 2024
https://securelist.com/mobile-threat-report-2024/115494/
Securelist
The mobile threat landscape in 2024
EvilLoader: A PoC for an unpatched vulnerability affecting Telegram for Android was published yesterday.
The exploit has been sold on an underground forum since January 2025. Don't install external players if requested by a corrupted video file received on Telegram.
https://www.mobile-hacker.com/2025/03/05/evilloader-unpatched-telegram-for-android-vulnerability-disclosed/
Mobile Hacker
EvilLoader: Unpatched Telegram for Android Vulnerability Disclosed
A newly disclosed vulnerability in Telegram for Android, dubbed EvilLoader, allows attackers to disguise malicious APKs as video files, potentially leading to unauthorized malware installations on users' devices.
BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/
HUMAN Security
Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes - HUMAN Security
HUMAN's Satori Threat Intelligence and Research Team uncovered BADBOX 2.0, a major expansion and adaptation of the earlier BADBOX operation.
[analysis] PlayPraetor trojan spreads through fake Play Store pages to steal user data
https://cdn.prod.website-files.com/66fbdb04ee8bb0436308fc15/67c83686e642fa846565699c_CTM360%20Report_%20PlayPraetor%20Trojan%20-%20Clear%20TLP.pdf
KoSpy: New Android spyware was discovered on Google Play Store, operated by a North Korean TA and attributed to APT37.
The KoSpy app is still available on alternative app stores.
https://www.lookout.com/threat-intelligence/article/lookout-discovers-new-spyware-by-north-korean-apt37
Lookout
Lookout Discovers North Korean APT37 Mobile Spyware | Threat Intel
Lookout researchers have discovered a novel Android surveillance tool dubbed KoSpy. It is attributed to APT 37 aka ScarCruft.
Android Banking Trojan – OctoV2, masquerading as Deepseek AI
https://labs.k7computing.com/index.php/android-banking-trojan-octov2-masquerading-as-deepseek-ai/
K7 Labs
Android Banking Trojan – OctoV2, masquerading as Deepseek AI
The world is moving from human reality to artificial reality aka advanced artificial intelligence (AI). In January 2025, Deepseek, an […]
It works! The first real smartwatch with Wi-Fi injection, capturing a WPA2 handshake! Using Kali NetHunter running the Hijacker app on a TicWatch Pro 3 smartwatch. All of that is possible thanks to @yesimxev, one of the NetHunter developers! Video credits to @yesimxev (X)
https://www.instagram.com/reel/DHK8eahN2IZ/
Android Threat Hunters, Your Job Just Got Easier!
ANY.RUN has just released a brand-new OS designed for real-time Android threat analysis inside a secure sandbox environment.
Now, businesses and security teams can:
Detect Android threats faster
Investigate APK behavior in real time
Speed up incident response
Reduce cybersecurity costs
Best part? It's available for all plans, even FREE users!
Try now: https://goo.su/GH7WO
Vapor malware: Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Blog: https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
PDF report: https://go.integralads.com/rs/469-VBI-606/images/AMER_VAPOR_THREAT_REPORT_IAS.pdf
Bitdefender Labs
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have found a huge ad fraud campaign with hundreds of malicious apps in the Google Play Store
Analysis of Paragon's Graphite Spyware Operations misusing WhatsApp Zero-Click exploit
https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/
Looks like there is demand for Telegram RCE exploits
https://techcrunch.com/2025/03/21/russian-zero-day-seller-is-offering-up-to-4-million-for-telegram-exploits/
Safari 1day RCE Exploit
Confirmed exploit works on macOS 13.3.1, iOS 15.8.2.
https://github.com/wh1te4ever/WebKit-Bug-256172/tree/ios-arm64
GitHub
GitHub - wh1te4ever/WebKit-Bug-256172 at ios-arm64
Safari 1day RCE Exploit. Contribute to wh1te4ever/WebKit-Bug-256172 development by creating an account on GitHub.
New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI (new Xamarin)
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui/
McAfee Blog
New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI | McAfee Blog
Authored by Dexter Shin Summary Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile
A Blueprint of Android Activity Lifecycle
https://8ksec.io/a-blueprint-of-android-activity-lifecycle/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
A Blueprint of Android Activity Lifecycle - 8kSec
Introduction The Android Activity lifecycle is a sequence of state changes and callbacks that every Android Activity goes through from creation to destruction. Understanding the Android Activity lifecycle is important not only for developers aiming to build…
APT36 Mimics India Post Website to Spread Malware to Windows and Android Users
https://www.cyfirma.com/research/turning-aid-into-attack-exploitation-of-pakistans-youth-laptop-scheme-to-target-india/
CYFIRMA
TURNING AID INTO ATTACK: EXPLOITATION OF PAKISTAN'S YOUTH LAPTOP SCHEME TO TARGET INDIA - CYFIRMA
EXECUTIVE SUMMARY In this report, CYFIRMA examines the tactics employed by a Pakistan-based APT group, assessed with medium confidence as...
PJobRAT makes a comeback, takes another crack at chat apps
https://news.sophos.com/en-us/2025/03/27/pjobrat-makes-a-comeback-takes-another-crack-at-chat-apps/
Sophos
PJobRAT makes a comeback, takes another crack at chat apps
Sophos X-Ops uncovers a recent campaign from an Android RAT first seen in 2019 – now infecting users in Taiwan
Feberis Pro: I have tested a new 4-in-1 Expansion Board for Flipper Zero
https://www.mobile-hacker.com/2025/03/31/feberis-pro-the-ultimate-4-in-1-expansion-board-for-flipper-zero/
Mobile Hacker
Feberis Pro: The Ultimate 4-in-1 Expansion Board for Flipper Zero
In a previous blog post, I introduced Feberis, a versatile expansion board that enhanced the capabilities of the Flipper Zero by offering additional communication protocols. Now, I am excited to dive into the newly released Feberis Pro, a next-generation…
Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices
ThreatFabric
Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices
ThreatFabric analysts discovered a new Device-Takeover Android banking Trojan equipped with remote access, black screen overlays, and advanced credential theft capabilities.
TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications
https://cyble.com/blog/tsarbot-using-overlay-attacks-targeting-bfsi-sector/
Cyble
TsarBot Trojan Hits 750+ Banking & Crypto Apps!
Beware of TsarBot! This Android banking Trojan spreads via phishing, steals credentials, and hijacks devices. Stay safe with our latest insights.