A Random and Simple Tip: Advanced Analysis of JNI Methods Using Frida
https://revflash.medium.com/a-random-and-simple-tip-advanced-analysis-of-jni-methods-using-frida-8b948ffcc8f5
https://revflash.medium.com/a-random-and-simple-tip-advanced-analysis-of-jni-methods-using-frida-8b948ffcc8f5
Medium
A Random and Simple Tip: Advanced Analysis of JNI Methods Using Frida
In this article, I will share a tip for those interested in performing a more detailed analysis of the behavior of native methods, with aβ¦
π6
Newly Registered Domains Distributing SpyNote Malware
https://dti.domaintools.com/newly-registered-domains-distributing-spynote-malware/
https://dti.domaintools.com/newly-registered-domains-distributing-spynote-malware/
DomainTools Investigations | DTI
Newly Registered Domains Distributing SpyNote Malware - DomainTools Investigations | DTI
Deceptive websites hosted on newly registered domains are being used to deliver AndroidOS SpyNote malware. These sites mimic the Google Chrome install page on the Google Play Store.
π6
Android Kernel Adventures: Insights into Compilation, Customization and Application Analysis
https://revflash.medium.com/android-kernel-adventures-insights-into-compilation-customization-and-application-analysis-d20af6f2080a
https://revflash.medium.com/android-kernel-adventures-insights-into-compilation-customization-and-application-analysis-d20af6f2080a
Medium
Android Kernel Adventures: Insights into Compilation, Customization and Application Analysis
This article marks the first in a series aimed at sharing my adventures, personal notes, and insights into the Android kernel. My focusβ¦
π7π5π₯2π2
Rethinking Emulation for Fu(zzi)n(g) and Profit: Near-Native Rehosting for Embedded ARM Firmware
[Presentation] https://www.youtube.com/watch?v=o_ckTnTQlfs
[Slides] https://github.com/binarly-io/Research_Publications/blob/main/REverse_2025/Near-Native%20Rehosting%20for%20Embedded%20ARM%20Firmware.pdf
[Presentation] https://www.youtube.com/watch?v=o_ckTnTQlfs
[Slides] https://github.com/binarly-io/Research_Publications/blob/main/REverse_2025/Near-Native%20Rehosting%20for%20Embedded%20ARM%20Firmware.pdf
YouTube
RE//verse 2025: Rethinking Emulation for Fu(zzi)n(g) (Lukas Seidel)
Full title: Rethinking Emulation for Fu(zzi)n(g) and Profit: Near-Native Rehosting for Embedded ARM Firmware
Slides: https://github.com/binarly-io/Research_Publications/blob/main/REverse_2025/Near-Native%20Rehosting%20for%20Embedded%20ARM%20Firmware.pdf
β¦
Slides: https://github.com/binarly-io/Research_Publications/blob/main/REverse_2025/Near-Native%20Rehosting%20for%20Embedded%20ARM%20Firmware.pdf
β¦
π8β€1
Shibai: Trojanized version of WhatsApp that comes preinstalled on some low-cost Android phones. Altered using LSPatch, it replaces cryptocurrency addresses in messages and redirects update URLs to retain control
https://news.drweb.com/show/?lng=en&i=15002&c=5
https://news.drweb.com/show/?lng=en&i=15002&c=5
Dr.Web
Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?
Every year, cryptocurrencies become more and more common as a payment method. According to the data for 2023, in developed countries about 20% of the population has at some time used such a means of payment, and in developing countries, where the bankingβ¦
π9π1
Magisk for Mobile Pentesting: Rooting Android Devices and Building Custom Modules
Part 1: https://medium.com/@justmobilesec/magisk-for-mobile-pentesting-rooting-android-devices-and-building-custom-modules-part-i-3ca7429f1faf
Part 2: https://medium.com/@justmobilesec/magisk-for-mobile-pentesting-rooting-android-devices-and-building-custom-modules-part-ii-22badc498437
Part 1: https://medium.com/@justmobilesec/magisk-for-mobile-pentesting-rooting-android-devices-and-building-custom-modules-part-i-3ca7429f1faf
Part 2: https://medium.com/@justmobilesec/magisk-for-mobile-pentesting-rooting-android-devices-and-building-custom-modules-part-ii-22badc498437
Medium
Magisk for Mobile Pentesting: Rooting Android Devices and Building Custom Modules (Part I)
TL;DR #1: Rooting an Android device allows for system modifications, bypassing restrictions, and performing security testing. This postβ¦
π₯20π5β€3π1π±1
Intercepting HTTPS Communication in Flutter: Going Full Hardcore Mode with Frida
https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/
https://sensepost.com/blog/2025/intercepting-https-communication-in-flutter-going-full-hardcore-mode-with-frida/
π₯15π6π1
B(l)utter: Flutter Mobile Application Reverse Engineering Tool
https://github.com/worawit/blutter
https://github.com/worawit/blutter
GitHub
GitHub - worawit/blutter: Flutter Mobile Application Reverse Engineering Tool
Flutter Mobile Application Reverse Engineering Tool - worawit/blutter
π17β€4π₯3π1
SpyMax Variant Targeting Chinese-Speaking Users
https://threatmon.io/spymax-variant-targeting-chinese-speaking-users/
https://threatmon.io/spymax-variant-targeting-chinese-speaking-users/
ThreatMon
SpyMax Variant Targeting Chinese-Speaking Users
SpyMax Variant Targeting Chinese-Speaking Users: In early 2025, our threat intelligence team analyzed a highly sophisticated Android spyware.
π11π2
Android spyware trojan targets Russian military personnel who use Alpine Quest mapping software
https://news.drweb.com/show/?i=15006&lng=en&c=5
https://news.drweb.com/show/?i=15006&lng=en&c=5
Dr.Web
Android spyware trojan targets Russian military personnel who use Alpine Quest mapping software
Doctor Webβs experts have discovered Android.Spy.1292.origin, spyware whose main target is Russian military personnel. The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one ofβ¦
π9
Everyone knows your location: tracking myself down through in-app ads
Part 1: https://timsh.org/tracking-myself-down-through-in-app-ads/
Part 2: https://timsh.org/everyone-knows-your-location-part-2-try-it-yourself/
Plus a guide that helps to collect, analyze and visualize requests sent by a mobile device while using some app: https://github.com/tim-sha256/analyse-ad-traffic
Part 1: https://timsh.org/tracking-myself-down-through-in-app-ads/
Part 2: https://timsh.org/everyone-knows-your-location-part-2-try-it-yourself/
Plus a guide that helps to collect, analyze and visualize requests sent by a mobile device while using some app: https://github.com/tim-sha256/analyse-ad-traffic
tim.sh
Everyone knows your location
How I tracked myself down using leaked location data in the in-app ads, and what I found along the way.
π₯17β€1π1
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation
https://www.cleafy.com/cleafy-labs/supercardx-exposing-chinese-speaker-maas-for-nfc-relay-fraud-operation?s=03
https://www.cleafy.com/cleafy-labs/supercardx-exposing-chinese-speaker-maas-for-nfc-relay-fraud-operation?s=03
Cleafy
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation | Cleafy
A new fraud campaign based on the Android malware "SuperCard X" and innovative NFC relay techniques is impacting Italian's banking. Read our latest report to learn more.
π©8π₯4β€1π1
CVE-2024-53104 proof of concept: Privilege escalation security flaw in the Android Kernel's USB Video Class driver that allows authenticated local threat actors to elevate privileges in low-complexity attacks
https://github.com/zhuowei/facedancer/blob/rawgadget2/examples/camera.py#L15
https://github.com/zhuowei/facedancer/blob/rawgadget2/examples/camera.py#L15
GitHub
facedancer/examples/camera.py at rawgadget2 Β· zhuowei/facedancer
Fork of https://github.com/xairy/Facedancer/tree/rawgadget with patches for testing CVE-2024-53197 - zhuowei/facedancer
π₯19π4
Rooting an Android Emulator for Mobile Security Testing
https://8ksec.io/rooting-an-android-emulator-for-mobile-security-testing/
https://8ksec.io/rooting-an-android-emulator-for-mobile-security-testing/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Rooting an Android Emulator for Mobile Security Testing - 8kSec
Introduction Rooting an Android emulator is essential for mobile app security research because it allows researchers to use powerful instrumentation and debugging tools that require root privileges. By obtaining full root (superuser) access on an AVD, youβ¦
π₯21π9β€1π₯°1π1
Triada strikes back
https://securelist.com/triada-trojan-modules-analysis/116380/
https://securelist.com/triada-trojan-modules-analysis/116380/
Securelist
A new version of Triada spreads embedded in the firmware of Android devices
Kaspersky expert has discovered a new version of the Triada Trojan, with custom modules for Telegram, WhatsApp, TikTok, and other apps.
β€βπ₯13π4β€3π1
AirBorne: Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol Puts Apple & IoT Devices at Risk
https://www.oligo.security/blog/airborne
https://www.oligo.security/blog/airborne
www.oligo.security
Airborne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk | Oligo Security | Oligo Security
Oligo Security reveals AirBorne, a new set of vulnerabilities in Appleβs AirPlay protocol and SDK. Learn how zero-click RCEs, ACL bypasses, and wormable exploits could endanger Apple and IoT devices worldwide β and how to protect yourself.
π8π2π€·ββ1π₯°1
EvilNotify: Single line of code could soft-brick iPhones by sending malicious notifications (CVE-2025-24091)
https://rambo.codes/posts/2025-04-24-how-a-single-line-of-code-could-brick-your-iphone
https://rambo.codes/posts/2025-04-24-how-a-single-line-of-code-could-brick-your-iphone
Rambo Codes
How a Single Line Of Code Could Brick Your iPhone | Rambo Codes
Gui Rambo writes about his coding and reverse engineering adventures.
π₯15π©5
TM SGNL, the obscure unofficial Signal app Mike Waltz uses to text with Trump officials
Analysis: https://micahflee.com/tm-sgnl-the-obscure-unofficial-signal-app-mike-waltz-uses-to-text-with-trump-officials/
Source code: https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/
Analysis: https://micahflee.com/tm-sgnl-the-obscure-unofficial-signal-app-mike-waltz-uses-to-text-with-trump-officials/
Source code: https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/
micahflee
TM SGNL, the obscure unofficial Signal app Mike Waltz uses to text with Trump officials
π‘Update May 3, 2025: I have posted a follow-up, Here's the source code for the unofficial Signal app used by Trump officials.
Update May 4, 2025: Another followup, and a big one: The Signal Clone the Trump Admin Uses Was Hacked
Update May 6, 2025: I'veβ¦
Update May 4, 2025: Another followup, and a big one: The Signal Clone the Trump Admin Uses Was Hacked
Update May 6, 2025: I'veβ¦
π12β€1
Ollama LLM with jadx for APK analysis
https://github.com/zinja-coder/zin-mcp-client
https://github.com/zinja-coder/zin-mcp-client
GitHub
GitHub - zinja-coder/zin-mcp-client: MCP Client which serves as bridge between mcp servers and local LLMs running on Ollama, Createdβ¦
MCP Client which serves as bridge between mcp servers and local LLMs running on Ollama, Created for MCP Servers Developed by Me, However other MCP Servers may run as well - zinja-coder/zin-mcp-client
π₯15π4β€1π1π1
Advanced Anti-Forensic Protection of Mobile Applications
https://www.researchgate.net/publication/375258345_Advanced_Anti-Forensic_Protection_of_Mobile_Applications
https://www.researchgate.net/publication/375258345_Advanced_Anti-Forensic_Protection_of_Mobile_Applications
ResearchGate
(PDF) Advanced Anti-Forensic Protection of Mobile Applications
PDF | AbstractβA mobile device is usually the carrier of its owner's sensitive data, but it also contains a lot of system data that reveals the... | Find, read and cite all the research you need on ResearchGate
β€13π2π₯1π1
The Human Interface Device (HID) Attack on Android Lock Screen Non-Biometric Protections and Its Computational Complexity
https://www.researchgate.net/publication/361992079_The_Human_Interface_Device_HID_Attack_on_Android_Lock_Screen_Non-Biometric_Protections_and_Its_Computational_Complexity
https://www.researchgate.net/publication/361992079_The_Human_Interface_Device_HID_Attack_on_Android_Lock_Screen_Non-Biometric_Protections_and_Its_Computational_Complexity
ResearchGate
(PDF) The Human Interface Device (HID) Attack on Android Lock Screen Non-Biometric Protections and Its Computational Complexity
PDF | Nowadays, information obtained from mobile phones is often the subject of evidence in front of a court. ForensicNowadays, information obtained... | Find, read and cite all the research you need on ResearchGate
β€8π1π1