The first version of Bitchat Android app was published
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
β€17π2
Media is too big
VIEW IN TELEGRAM
How to setup Hijacker app on Samsung Galaxy S10 with wireless injection
https://forums.kali.org/t/hijacker-on-the-samsung-galaxy-s10-with-wireless-injection/10305
https://forums.kali.org/t/hijacker-on-the-samsung-galaxy-s10-with-wireless-injection/10305
π10π₯1
PerfektBlue Bluetooth attack allows hacking using 1-click RCE infotainment systems of Mercedes, Volkswagen, and Skoda (CVE-2024-45431, CVE-2024-45432, CVE-2024-45433, CVE-2024-45434)
https://perfektblue.pcacybersecurity.com/
https://perfektblue.pcacybersecurity.com/
PerfektBlue
PerfektBlue β 1-Click RCE in Bluetooth
PCA Team uncovered critical over-the-air attack chain, enabling 1-click Remote Code Execution (RCE) in vulnerable devices. Affected manufacturers include Volkswagen, Mercedes-Benz and Skoda.
π17π₯1
How Malicious Android Apps Can Impersonate Yours Using Deep Links
https://medium.com/@frankheat/how-malicious-android-apps-can-impersonate-yours-using-deep-links-8eac7f245aaf
https://medium.com/@frankheat/how-malicious-android-apps-can-impersonate-yours-using-deep-links-8eac7f245aaf
Medium
How Malicious Android Apps Can Impersonate Yours Using Deep Links
Hey, Iβm frankheat. As a penetration tester, I focus on often-missed attack vectors. One of the more effective ones Iβve analyzed recentlyβ¦
β€16π3π1
Media is too big
VIEW IN TELEGRAM
Chat without internet via Bluetooth
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
Info: https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
Download the latest app: https://github.com/permissionlesstech/bitchat-android/releases
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
Info: https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
Download the latest app: https://github.com/permissionlesstech/bitchat-android/releases
π¨βπ»13π1
Shizuku unlocks advanced functionality on any Android
Using Shizuku app your Android gains ADB (Shell) privileges to remove bloatware, list running processes, open listening ports, view stored Wi-Fi passwords, inspect logcat of other apps, enable/disable specific Android app components etc.
https://www.mobile-hacker.com/2025/07/14/shizuku-unlocking-advanced-android-capabilities-without-root/
Using Shizuku app your Android gains ADB (Shell) privileges to remove bloatware, list running processes, open listening ports, view stored Wi-Fi passwords, inspect logcat of other apps, enable/disable specific Android app components etc.
https://www.mobile-hacker.com/2025/07/14/shizuku-unlocking-advanced-android-capabilities-without-root/
β€29π₯2π1
eSIM might not be as safe as you think: researchers hack and clone numbers
https://security-explorations.com/esim-security.html
https://security-explorations.com/esim-security.html
π10β€1π₯1
This media is not supported in your browser
VIEW IN TELEGRAM
Include computers into Bluetooth mesh network for Bitchat app
β οΈ More devices = more nodes
β οΈ Wider communication range https://github.com/kaganisildak/bitchat-python
β οΈ More devices = more nodes
β οΈ Wider communication range https://github.com/kaganisildak/bitchat-python
π5β€4π2π₯1
Fake Android Money Transfer App Targeting Bengali-Speaking Users
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-money-transfer-app-targeting-bengali-speaking-users/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-money-transfer-app-targeting-bengali-speaking-users/
McAfee Blog
Fake Android Money Transfer App Targeting Bengali-Speaking Users | McAfee Blog
Authored by Dexter Shin McAfeeβs Mobile Research Team discovered a new and active Android malware campaign targeting Bengali-speaking users, mainly
π7
RaspyJack
Turn a Raspberry Pi Zero 2 W + Waveshare 1.44β³ LCD into a pocket-sized, SharkJack-style network multitool.
Key features:
β’ Recon: Multi-profile Nmap scans
β’ Shells: Reverse-shell launcher (pick IP on the fly or use a preset)
β’ Creds Capture: Responder, ARP MITM + sniff, DNS-spoof phishing
β’ Loot Viewer: Read Nmap / Responder / DNSSpoof logs on the screen
https://github.com/7h30th3r0n3/Raspyjack
Turn a Raspberry Pi Zero 2 W + Waveshare 1.44β³ LCD into a pocket-sized, SharkJack-style network multitool.
Key features:
β’ Recon: Multi-profile Nmap scans
β’ Shells: Reverse-shell launcher (pick IP on the fly or use a preset)
β’ Creds Capture: Responder, ARP MITM + sniff, DNS-spoof phishing
β’ Loot Viewer: Read Nmap / Responder / DNSSpoof logs on the screen
https://github.com/7h30th3r0n3/Raspyjack
π₯18β€8
Konfety Returns: Classic Mobile Threat with New Evasion Techniques
https://zimperium.com/blog/konfety-returns-classic-mobile-threat-with-new-evasion-techniques
https://zimperium.com/blog/konfety-returns-classic-mobile-threat-with-new-evasion-techniques
Zimperium
Konfety Returns: Classic Mobile Threat with New Evasion Techniques
true
β€8π1
Keyboard Input Injection vulnerability in Air Keyboard iOS App Still Unpatched
https://www.mobile-hacker.com/2025/07/17/remote-input-injection-vulnerability-in-air-keyboard-ios-app-still-unpatched/
https://www.mobile-hacker.com/2025/07/17/remote-input-injection-vulnerability-in-air-keyboard-ios-app-still-unpatched/
β€9π2π1
Remote Code Execution Discovered in XTool AnyScan App: Risks to Phones and Vehicles
https://www.nowsecure.com/blog/2025/07/16/remote-code-execution-discovered-in-xtool-anyscan-app-risks-to-phones-and-vehicles/
https://www.nowsecure.com/blog/2025/07/16/remote-code-execution-discovered-in-xtool-anyscan-app-risks-to-phones-and-vehicles/
Nowsecure
Remote Code Execution Discovered in XTool AnyScan App: Risks to Phones and Vehicles - NowSecure
Learn how NowSecure has identified an app whose developers violated security guidelines, bypassing recommended procedures exposing systems to remote control.
β€6π1π΄1
This media is not supported in your browser
VIEW IN TELEGRAM
Sending bitcoin over Bluetooth between Bitchat Android and iPhone. Both have a native cashu ecash wallet built in.
The ecash travels directly from phone to phone. the sender needs no internet. It is instant and untraceable digital cash.
The ecash travels directly from phone to phone. the sender needs no internet. It is instant and untraceable digital cash.
π34π12π€¨7β€4π₯3π3β‘1π₯°1π€1π1
How To Turn Old Android Smartphone into Travel Router With NAS
https://www.mobile-hacker.com/2025/07/21/how-to-turn-old-android-smartphone-into-travel-router-with-nas/
https://www.mobile-hacker.com/2025/07/21/how-to-turn-old-android-smartphone-into-travel-router-with-nas/
Mobile Hacker
How To Turn Old Android Smartphone into Travel Router With NAS Mobile Hacker
Itβs not perfect, but it worksβa clever DIY project that blends portability, privacy, and practicality.
π10β€6π2
Android Misconfiguration Leading to Task Hijacking in Caller ID app with 10M+ installs (CVE-2025-7889) + demo
https://github.com/KMov-g/androidapps/blob/main/caller.id.phone.number.block.md
https://github.com/KMov-g/androidapps/blob/main/caller.id.phone.number.block.md
GitHub
androidapps/caller.id.phone.number.block.md at main Β· KMov-g/androidapps
Contribute to KMov-g/androidapps development by creating an account on GitHub.
π10β€7
Lookout Discovers Massistant Chinese Mobile Forensic Tooling
https://www.lookout.com/threat-intelligence/article/massistant-chinese-mobile-forensics
https://www.lookout.com/threat-intelligence/article/massistant-chinese-mobile-forensics
Lookout
Lookout Discovers Massistant Chinese Mobile Forensic Tooling | Threat Intel
Massistant is a mobile forensics application used by law enforcement in China to collect extensive information from mobile devices.
π6β€1
Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/unmasking-malicious-apks-android-malware-blending-click-fraud-and-credential-theft/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/unmasking-malicious-apks-android-malware-blending-click-fraud-and-credential-theft/
Levelblue
Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft
Malicious APKs (Android Package Kit files) continue to serve as one of the most persistent and adaptable delivery mechanisms in mobile threat campaigns.
π6