Hook Version 3: The Banking Trojan with The Most Advanced Capabilities
https://zimperium.com/blog/hook-version-3-the-banking-trojan-with-the-most-advanced-capabilities
https://zimperium.com/blog/hook-version-3-the-banking-trojan-with-the-most-advanced-capabilities
Zimperium
Hook Version 3: The Banking Trojan with The Most Advanced Capabilities
true
โค12๐2๐1
Sotap โ A lightweight .so library for logging the behavior of JNI libraries
https://github.com/RezaArbabBot/SoTap
https://github.com/RezaArbabBot/SoTap
GitHub
GitHub - RezaArbabBot/SoTap: sotap is an open source project in line with so(jni) logging. Any use is at your own risk. You canโฆ
sotap is an open source project in line with so(jni) logging. Any use is at your own risk. You can customize the c file then build and get the output - RezaArbabBot/SoTap
๐8๐2โค1๐ฅ1
GodFather - Part 1 - A multistage dropper
https://shindan.io/blog/godfather-part-1-a-multistage-dropper
https://shindan.io/blog/godfather-part-1-a-multistage-dropper
shindan.io
Blog - GodFather - Part 1 - A multistage dropper
Shindan est une application SaaS, mobile et desktop qui dรฉtecte les compromissions et vulnรฉrabilitรฉs sur smartphones et tablettes, sans accรจs aux donnรฉes personnelles. Obtenez un diagnostic rapide et prรฉcis pour protรฉger vos VIP et collaborateurs.
โค11๐3๐3๐คฎ1
Threat Actors Use Facebook Ads to Deliver Android Malware
https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide
https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide
Bitdefender Labs
Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Many people believe that smartphones are somehow less of a target for threat actors.
๐9๐4โค2๐คก2
WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices
https://gbhackers.com/whatsapp-zero-day-vulnerability-exploited-with-0-click-attacks/
https://gbhackers.com/whatsapp-zero-day-vulnerability-exploited-with-0-click-attacks/
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices
WhatsApp zero-day vulnerability CVE-2025-55177 is currently under active exploitation, with a critical advisory issued as attackers target iOS and Mac devices.
๐7๐5๐ฅ2โค1
SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh
https://cyble.com/blog/sikkahbot-malware-defrauds-students-in-bangladesh/
https://cyble.com/blog/sikkahbot-malware-defrauds-students-in-bangladesh/
Cyble
SikkahBot Malware Campaign Defrauds Students In Bangladesh
Cyble Research and Intelligence Labs (CRIL) has uncovered โSikkahBotโ, a new Android malware campaign targeting students in Bangladesh since July 2024.
โค10๐2๐1
SSLPinDetect: Advanced SSL Pinning Detection for Android Security Analysis
Blog: https://petruknisme.medium.com/sslpindetect-advanced-ssl-pinning-detection-for-android-security-analysis-1390e9eca097
Tool: https://github.com/aancw/SSLPinDetect
Blog: https://petruknisme.medium.com/sslpindetect-advanced-ssl-pinning-detection-for-android-security-analysis-1390e9eca097
Tool: https://github.com/aancw/SSLPinDetect
Medium
SSLPinDetect: Advanced SSL Pinning Detection for Android Security Analysis
In the ever-evolving landscape of mobile application security, SSL pinning has become a crucial defense mechanism against man-in-the-middleโฆ
โค15๐5๐4๐ฅ3
Android Droppers: The Silent Gatekeepers of Malware
https://www.threatfabric.com/blogs/android-droppers-the-silent-gatekeepers-of-malware
https://www.threatfabric.com/blogs/android-droppers-the-silent-gatekeepers-of-malware
ThreatFabric
Android Droppers: The Silent Gatekeepers of Malware
In our latest research we describe how droppers on Android are the silent malware gate keepers.
๐10๐7๐3
Critical CVE-2025-48539 Android RCE allows an attacker within physical or network proximity, such as Bluetooth or WiFi range, to execute arbitrary code on the device without any user interaction or privileges
https://osv.dev/vulnerability/ASB-A-406785684
https://grok.com/s/bGVnYWN5_f5103b21-64a1-4b1c-beaf-184a290ca23d
https://osv.dev/vulnerability/ASB-A-406785684
https://grok.com/s/bGVnYWN5_f5103b21-64a1-4b1c-beaf-184a290ca23d
osv.dev
OSV - Open Source Vulnerabilities
Comprehensive vulnerability database for your open source projects and dependencies.
๐คฏ19๐ฅ9๐6๐ฑ4โค2๐2
Reverse engineering of Apple's iOS 0-click CVE-2025-43300
https://blog.quarkslab.com/patch-analysis-of-Apple-iOS-CVE-2025-43300.html
https://blog.quarkslab.com/patch-analysis-of-Apple-iOS-CVE-2025-43300.html
Quarkslab
Reverse engineering of Apple's iOS 0-click CVE-2025-43300: 2 bytes that make size matter - Quarkslab's blog
On August 20th, Apple released an out-of-band security fix for its main operating systems. This patch allegedly fixes CVE-2025-43300, an out-of-bounds write, addressed with improved bounds checking in the ImageIO framework. In this blog post we provide aโฆ
๐ฅ10๐5
[beginners] Building an Android Bug Bounty lab - guide to configuring emulators, real devices, proxies, Magisk, Burp, Frida
https://www.yeswehack.com/learn-bug-bounty/android-lab-mobile-hacking-tools
https://www.yeswehack.com/learn-bug-bounty/android-lab-mobile-hacking-tools
YesWeHack
The bug hunterโs guide to building an Android mobile hacking lab
Covering the pros and cons of emulators versus real devices, and how to configure Magisk, Burp, Frida, Medusa and other mobile hacking tools.
๐ฅ25๐3๐1๐1๐ฅฑ1
Agentic Discovery and Validation of Android App Vulnerabilities
https://arxiv.org/pdf/2508.21579v1
https://arxiv.org/pdf/2508.21579v1
๐ฅ9๐3
CoRCTF 2025 - CoRPhone: Android Kernel Pwn
CoRPhone is an Android kernel exploitation challenge created for CoRCTF 2025. It simulates a scenario in which a kernel exploit is delivered as shellcode and executed in memory by an untrusted Android app.
https://github.com/0xdevil/corphone/tree/main
CoRPhone is an Android kernel exploitation challenge created for CoRCTF 2025. It simulates a scenario in which a kernel exploit is delivered as shellcode and executed in memory by an untrusted Android app.
https://github.com/0xdevil/corphone/tree/main
GitHub
GitHub - 0xdevil/corphone: CoRCTF 2025 - CoRPhone: Android Kernel Pwn
CoRCTF 2025 - CoRPhone: Android Kernel Pwn. Contribute to 0xdevil/corphone development by creating an account on GitHub.
๐17โค9๐คฉ3
Analysis of CVE-2025-38352 and technical insights into process of triggering the bug that caused a crash in the Android kernel. It was released in the September 2025 Android Bulletin, marked as possibly under limited, targeted exploitation.
https://streypaws.github.io/posts/Race-Against-Time-in-the-Kernel-Clockwork/
https://streypaws.github.io/posts/Race-Against-Time-in-the-Kernel-Clockwork/
StreyPaws
Race Against Time in the Kernelโs Clockwork
An in-depth exploration of the Linux POSIX CPU Timer Subsystem, including patch analysis and vulnerability insights for Android Kernel CVE-2025-38352.
โค13๐2
The Rise of RatOn: From NFC heists to remote control and ATS
https://www.threatfabric.com/blogs/the-rise-of-raton-from-nfc-heists-to-remote-control-and-ats
https://www.threatfabric.com/blogs/the-rise-of-raton-from-nfc-heists-to-remote-control-and-ats
ThreatFabric
The Rise of RatOn: From NFC heists to remote control and ATS
This new research by ThreatFabric exposes RatOn, a new banking trojan with powerful capabilities.
๐17โค4
Analysis of P2P cheap "spy" cameras and their LookCam app
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app
Almost Secure
A look at a P2P camera (LookCam app)
Iโve got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotectedโฆ
๐ฅ18๐3๐1
PhantomCall unmasked: An Antidot variant disguised as fake Chrome apps in a global banking malware campaign
https://www.ibm.com/think/news/phantomcall-antidot-variant-in-fake-chrome-apps
https://www.ibm.com/think/news/phantomcall-antidot-variant-in-fake-chrome-apps
Ibm
PhantomCall unmasked: An Antidot variant disguised as fake Chrome apps in a global banking malware campaign | IBM
Android users beware! A new Antidot campaign (banking trojan) named PhantomCall is targeting users of major financial institutions across Europe. Trusteer Labs shares what theyโve learned.
โค9๐5๐5
Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolic Execution for Code Decryption and Deobfuscation
https://revflash.medium.com/strategies-for-analyzing-native-code-in-android-applications-combining-ghidra-and-symbolic-aaef4c9555df
https://revflash.medium.com/strategies-for-analyzing-native-code-in-android-applications-combining-ghidra-and-symbolic-aaef4c9555df
Medium
Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolicโฆ
In my work analyzing native code in Android applications, I often try different techniques. Some work, others not so much. Iโve realized Iโฆ
๐13๐ฅ3๐3โค1
Wanted to spy on my dog, ended up spying on TP-Link (TP-Link Tapo app)
https://kennedn.com/blog/posts/tapo/
https://kennedn.com/blog/posts/tapo/
Kennedn
Wanted to spy on my dog, ended up spying on TP-Link
โค8๐3๐3
NFC Card Vulnerability Exploitation Leading to Free Top-Up in KioSoft "Stored Value" Unattended Payment Solution (Mifare) CVE-2025-8699
https://sec-consult.com/vulnerability-lab/advisory/nfc-card-vulnerability-exploitation-leading-to-free-top-up-kiosoft-payment-solution/
https://sec-consult.com/vulnerability-lab/advisory/nfc-card-vulnerability-exploitation-leading-to-free-top-up-kiosoft-payment-solution/
๐7๐4