Qwizzserial malware steals banking information and intercepts 2FA SMS targeting Uzbekistan
https://www.group-ib.com/blog/rise-of-qwizzserial/
https://www.group-ib.com/blog/rise-of-qwizzserial/
โค9๐2๐1๐1๐1
Android on-device fuzzing: Reproducing a WhatsApp bug with AFL & Frida (CVE-2019-11932)
https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
Ibm
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida) | IBM
Dive into research on a double-free vulnerability, CVE-2019-11932, in an image processing library used by WhatsApp and a GIF-processing vulnerability affecting Android mobile phones.
๐16โค1๐1๐ด1
IconAds scheme: A collection of 352 apps which load out-of-context ads on a userโs screen and hide the app icons
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-iconads/
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-iconads/
HUMAN Security
Satori Threat Intelligence Alert: IconAds Conceals Source of Ad Fraud from Users
This scheme centered on a collection of 352 apps which load out-of-context ads on a userโs screen and hide the app icons, making it difficult for a user to identify the culprit app and remove it.
๐9โค1
Taking over 60k spyware user accounts with SQL injection
https://ericdaigle.ca/posts/taking-over-60k-spyware-user-accounts/
https://ericdaigle.ca/posts/taking-over-60k-spyware-user-accounts/
Eric Daigle
Taking over 60k spyware user accounts with SQL injection
Serverless means it's secure, right?
๐ฅ19๐1
Vibe Hacking with Nmap using Android
https://www.mobile-hacker.com/2025/07/07/vibe-hacking-with-nmap-using-android/
https://www.mobile-hacker.com/2025/07/07/vibe-hacking-with-nmap-using-android/
๐คฎ14๐7๐ฅด6๐คก5โค3๐3๐2๐2๐1๐ฉ1๐
1
How to Install Gemini CLI on Android using Termux
https://www.mobile-hacker.com/2025/07/09/how-to-install-gemini-cli-on-android-using-termux/
https://www.mobile-hacker.com/2025/07/09/how-to-install-gemini-cli-on-android-using-termux/
โค14๐ค7๐3
Anatsa Android Banking Trojan Infects 90,000 Users via Fake PDF App on Google Play
https://www.threatfabric.com/blogs/anatsa-targets-north-america-uses-proven-mobile-campaign-process
https://www.threatfabric.com/blogs/anatsa-targets-north-america-uses-proven-mobile-campaign-process
ThreatFabric
Anatsa Targets North America; Uses Proven Mobile Campaign Process
Anatsa targets North America again: ThreatFabric uncovers a new Android banking Trojan campaign using Google Play to compromise mobile banking apps.
๐7โค3๐ฅฑ1๐1
Media is too big
VIEW IN TELEGRAM
TapTrap: Itโs attack on Android where a dedicated app uses animation to lure you into tapping on the screen and performing unwanted actions without your consent #Tapjacking
TapTrap to enable camera access for a website via Chrome browser.
https://taptrap.click/
TapTrap to enable camera access for a website via Chrome browser.
https://taptrap.click/
๐22โค3๐คฏ3
The first version of Bitchat Android app was published
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
โค17๐2
Media is too big
VIEW IN TELEGRAM
How to setup Hijacker app on Samsung Galaxy S10 with wireless injection
https://forums.kali.org/t/hijacker-on-the-samsung-galaxy-s10-with-wireless-injection/10305
https://forums.kali.org/t/hijacker-on-the-samsung-galaxy-s10-with-wireless-injection/10305
๐10๐ฅ1
PerfektBlue Bluetooth attack allows hacking using 1-click RCE infotainment systems of Mercedes, Volkswagen, and Skoda (CVE-2024-45431, CVE-2024-45432, CVE-2024-45433, CVE-2024-45434)
https://perfektblue.pcacybersecurity.com/
https://perfektblue.pcacybersecurity.com/
PerfektBlue
PerfektBlue โ 1-Click RCE in Bluetooth
PCA Team uncovered critical over-the-air attack chain, enabling 1-click Remote Code Execution (RCE) in vulnerable devices. Affected manufacturers include Volkswagen, Mercedes-Benz and Skoda.
๐17๐ฅ1
How Malicious Android Apps Can Impersonate Yours Using Deep Links
https://medium.com/@frankheat/how-malicious-android-apps-can-impersonate-yours-using-deep-links-8eac7f245aaf
https://medium.com/@frankheat/how-malicious-android-apps-can-impersonate-yours-using-deep-links-8eac7f245aaf
Medium
How Malicious Android Apps Can Impersonate Yours Using Deep Links
Hey, Iโm frankheat. As a penetration tester, I focus on often-missed attack vectors. One of the more effective ones Iโve analyzed recentlyโฆ
โค16๐3๐1
Media is too big
VIEW IN TELEGRAM
Chat without internet via Bluetooth
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
Info: https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
Download the latest app: https://github.com/permissionlesstech/bitchat-android/releases
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
Info: https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
Download the latest app: https://github.com/permissionlesstech/bitchat-android/releases
๐จโ๐ป13๐1
Shizuku unlocks advanced functionality on any Android
Using Shizuku app your Android gains ADB (Shell) privileges to remove bloatware, list running processes, open listening ports, view stored Wi-Fi passwords, inspect logcat of other apps, enable/disable specific Android app components etc.
https://www.mobile-hacker.com/2025/07/14/shizuku-unlocking-advanced-android-capabilities-without-root/
Using Shizuku app your Android gains ADB (Shell) privileges to remove bloatware, list running processes, open listening ports, view stored Wi-Fi passwords, inspect logcat of other apps, enable/disable specific Android app components etc.
https://www.mobile-hacker.com/2025/07/14/shizuku-unlocking-advanced-android-capabilities-without-root/
โค29๐ฅ2๐1
eSIM might not be as safe as you think: researchers hack and clone numbers
https://security-explorations.com/esim-security.html
https://security-explorations.com/esim-security.html
๐10โค1๐ฅ1
This media is not supported in your browser
VIEW IN TELEGRAM
Include computers into Bluetooth mesh network for Bitchat app
โ ๏ธ More devices = more nodes
โ ๏ธ Wider communication range https://github.com/kaganisildak/bitchat-python
โ ๏ธ More devices = more nodes
โ ๏ธ Wider communication range https://github.com/kaganisildak/bitchat-python
๐5โค4๐2๐ฅ1
Fake Android Money Transfer App Targeting Bengali-Speaking Users
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-money-transfer-app-targeting-bengali-speaking-users/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-money-transfer-app-targeting-bengali-speaking-users/
McAfee Blog
Fake Android Money Transfer App Targeting Bengali-Speaking Users | McAfee Blog
Authored by Dexter Shin McAfeeโs Mobile Research Team discovered a new and active Android malware campaign targeting Bengali-speaking users, mainly
๐7
RaspyJack
Turn a Raspberry Pi Zero 2 W + Waveshare 1.44โณ LCD into a pocket-sized, SharkJack-style network multitool.
Key features:
โข Recon: Multi-profile Nmap scans
โข Shells: Reverse-shell launcher (pick IP on the fly or use a preset)
โข Creds Capture: Responder, ARP MITM + sniff, DNS-spoof phishing
โข Loot Viewer: Read Nmap / Responder / DNSSpoof logs on the screen
https://github.com/7h30th3r0n3/Raspyjack
Turn a Raspberry Pi Zero 2 W + Waveshare 1.44โณ LCD into a pocket-sized, SharkJack-style network multitool.
Key features:
โข Recon: Multi-profile Nmap scans
โข Shells: Reverse-shell launcher (pick IP on the fly or use a preset)
โข Creds Capture: Responder, ARP MITM + sniff, DNS-spoof phishing
โข Loot Viewer: Read Nmap / Responder / DNSSpoof logs on the screen
https://github.com/7h30th3r0n3/Raspyjack
๐ฅ18โค8