PhantomCall unmasked: An Antidot variant disguised as fake Chrome apps in a global banking malware campaign
https://www.ibm.com/think/news/phantomcall-antidot-variant-in-fake-chrome-apps
https://www.ibm.com/think/news/phantomcall-antidot-variant-in-fake-chrome-apps
Ibm
PhantomCall unmasked: An Antidot variant disguised as fake Chrome apps in a global banking malware campaign | IBM
Android users beware! A new Antidot campaign (banking trojan) named PhantomCall is targeting users of major financial institutions across Europe. Trusteer Labs shares what theyβve learned.
β€9π5π5
Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolic Execution for Code Decryption and Deobfuscation
https://revflash.medium.com/strategies-for-analyzing-native-code-in-android-applications-combining-ghidra-and-symbolic-aaef4c9555df
https://revflash.medium.com/strategies-for-analyzing-native-code-in-android-applications-combining-ghidra-and-symbolic-aaef4c9555df
Medium
Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolicβ¦
In my work analyzing native code in Android applications, I often try different techniques. Some work, others not so much. Iβve realized Iβ¦
π13π₯3π3β€1
Wanted to spy on my dog, ended up spying on TP-Link (TP-Link Tapo app)
https://kennedn.com/blog/posts/tapo/
https://kennedn.com/blog/posts/tapo/
Kennedn
Wanted to spy on my dog, ended up spying on TP-Link
β€8π3π3
NFC Card Vulnerability Exploitation Leading to Free Top-Up in KioSoft "Stored Value" Unattended Payment Solution (Mifare) CVE-2025-8699
https://sec-consult.com/vulnerability-lab/advisory/nfc-card-vulnerability-exploitation-leading-to-free-top-up-kiosoft-payment-solution/
https://sec-consult.com/vulnerability-lab/advisory/nfc-card-vulnerability-exploitation-leading-to-free-top-up-kiosoft-payment-solution/
π7π4
Android SlopAds Fraud with Layers of Obfuscation
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-slopads-covers-fraud-with-layers-of-obfuscation/
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-slopads-covers-fraud-with-layers-of-obfuscation/
HUMAN Security
Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation - HUMAN Security
Researchers: Louisa Abel, Lindsay Kaye, JoΓ£o Marques, Vikas Parthasarathy, JoΓ£o Santos, Adam Sell IVT Taxonomy: Misleading User Interface HUMANβs Satori
β€16π5
Automating Android Component Testing with new APK Inspector tool
-What are exported components?
-Setup and testing APK Inspector
-Improve automation and execute ADB commands interactively
-Run it on Android
-What are Intent Redirection Vulnerabilities?
https://www.mobile-hacker.com/2025/09/18/automating-android-app-component-testing-with-new-apk-inspector/
-What are exported components?
-Setup and testing APK Inspector
-Improve automation and execute ADB commands interactively
-Run it on Android
-What are Intent Redirection Vulnerabilities?
https://www.mobile-hacker.com/2025/09/18/automating-android-app-component-testing-with-new-apk-inspector/
Mobile Hacker
Automating Android App Component Testing with New APK Inspector
If improperly secured, exported components become easy entry points for attackers to execute arbitrary code, access sensitive data, or manipulate the appβs behavior.
π20β€5π5π4
Trigger for the integer underflow bug in the HID core subsystem (CVE-2025-38494 and CVE-2025-38495) that leaks 64 KB of OOB memory over USB
Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels)
https://github.com/xairy/kernel-exploits/tree/master/CVE-2025-38494
Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels)
https://github.com/xairy/kernel-exploits/tree/master/CVE-2025-38494
π11β€1π1
CVE-2025-10184 is permission bypass that affects multiple OnePlus devices running OxygenOS 12β15 (NOT FIXED) with PoC
This vulnerability allows any application installed on the device to read SMS/MMS without permission, user interaction, or consent.
https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/
This vulnerability allows any application installed on the device to read SMS/MMS without permission, user interaction, or consent.
https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/
π17π€£9π5β€3π₯2
Finding vulnerabilities in the Binder kernel driver through fuzzing
https://androidoffsec.withgoogle.com/posts/binder-fuzzing/
https://androidoffsec.withgoogle.com/posts/binder-fuzzing/
Withgoogle
Binder Fuzzing - Android Offensive Security Blog
In our previous blog posts, we explored Android Binderβs intricacies, from exploiting a vulnerability (CVE-2023-20938) for kernel code execution to examining its inner workings. In this post, we shift our focus to finding vulnerabilities in the Binder kernelβ¦
β€8π2π1
Obtain a root shell on Unisoc unpatched devices (CVE-2025-31710)
https://github.com/Skorpion96/unisoc-su/tree/main?tab=readme-ov-file
https://github.com/Skorpion96/unisoc-su/tree/main?tab=readme-ov-file
GitHub
GitHub - Skorpion96/unisoc-su: A method for CVE-2025-31710 and to connect to cmd_skt to obtain a root shell on unisoc unpatchedβ¦
A method for CVE-2025-31710 and to connect to cmd_skt to obtain a root shell on unisoc unpatched models - Skorpion96/unisoc-su
π₯18β€1
Banker Trojan Targeting Indonesian and Vietnamese Android Users
https://dti.domaintools.com/banker-trojan-targeting-indonesian-and-vietnamese-android-users/
https://dti.domaintools.com/banker-trojan-targeting-indonesian-and-vietnamese-android-users/
DomainTools Investigations | DTI
Banker Trojan Targeting Indonesian and Vietnamese Android Users - DomainTools Investigations | DTI
A group has been targeting Indonesian and Vietnamese Android users with banking trojans disguised as legitimate payment and government identity applications. The operators exhibit distinct domain registration patterns with a strong operational focus duringβ¦
β€13β‘5
This media is not supported in your browser
VIEW IN TELEGRAM
Triggered WhatsApp 0-click on iOS/macOS/iPadOS
CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300.
Analysis of Samsung CVE-2025-21043 is also ongoing
Source: https://x.com/DarkNavyOrg/status/1972260639101034950
CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300.
Analysis of Samsung CVE-2025-21043 is also ongoing
Source: https://x.com/DarkNavyOrg/status/1972260639101034950
β€15β6π3π’2π€―1π¨βπ»1π
1π1
Writeup for CVE-2025-24085, an ITW iOS mediaplaybackd vulnerability patched earlier this year
https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-24085/CVE-2025-24085.md
https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-24085/CVE-2025-24085.md
GitHub
n-days/CVE-2025-24085/CVE-2025-24085.md at main Β· b1n4r1b01/n-days
Contribute to b1n4r1b01/n-days development by creating an account on GitHub.
π6β€2π2π€‘2
Exploring Android Accessibility Malware | Droidcon Italy 2024
https://www.youtube.com/watch?v=xCHW8ql3vi0
https://www.youtube.com/watch?v=xCHW8ql3vi0
YouTube
Exploring Android Accessibility Malware | Droidcon Italy 2024
Android Accessibility Malware EXPOSED: What Hackers Donβt Want You to Knowβthis eye-opening session from Droidcon Italy 2024 reveals how cybercriminals exploit Androidβs Accessibility Services and combine them with credential stuffing to infiltrate user accountsβ¦
π8π3
Analysis of Android DHCSpy operated by the Iranian APT MuddyWater
https://shindan.io/blog/dhcspy-discovering-the-iranian-apt-muddywater
https://shindan.io/blog/dhcspy-discovering-the-iranian-apt-muddywater
shindan.io
Blog - DHCSpy - Discovering the Iranian APT MuddyWater
Shindan est une application SaaS, mobile et desktop qui détecte les compromissions et vulnérabilités sur smartphones et tablettes, sans accès aux données personnelles. Obtenez un diagnostic rapide et précis pour protéger vos VIP et collaborateurs.
π6π3
Security Evaluation Of Android Apps In Budget African Mobile Devices
The study examined 1,544 APKs collected from seven African smartphones. The analysis revealed that 145 applications (9%) disclose sensitive data, 249 (16%) expose critical components, and many present additional risks: 226 execute privileged or dangerous commands, 79 interact with SMS messages (read, send, or delete), and 33 perform silent installation operations
https://arxiv.org/pdf/2509.18800
The study examined 1,544 APKs collected from seven African smartphones. The analysis revealed that 145 applications (9%) disclose sensitive data, 249 (16%) expose critical components, and many present additional risks: 226 execute privileged or dangerous commands, 79 interact with SMS messages (read, send, or delete), and 33 perform silent installation operations
https://arxiv.org/pdf/2509.18800
π11π€¬5π€£5π4π3π₯΄1π1
Datzbro: RAT Hiding Behind Senior Travel Scams
https://www.threatfabric.com/blogs/datzbro-rat-hiding-behind-senior-travel-scams
https://www.threatfabric.com/blogs/datzbro-rat-hiding-behind-senior-travel-scams
ThreatFabric
Datzbro: RAT Hiding Behind Senior Travel Scams
In this research article by ThreatFabric, we expose Datzbro: a new RAT that hides behind senior travel scams.
π9π2β€1
Klopatra: exposing a new Android banking trojan operation with roots in Turkey
https://www.cleafy.com/cleafy-labs/klopatra-exposing-a-new-android-banking-trojan-operation-with-roots-in-turkey
https://www.cleafy.com/cleafy-labs/klopatra-exposing-a-new-android-banking-trojan-operation-with-roots-in-turkey
Cleafy
Klopatra: exposing a new Android banking trojan operation with roots in Turkey | Cleafy LABS
In late August 2025, Cleafy's Threat Intelligence team discovered Klopatra, a new, highly sophisticated Android malware currently targeting banking users primarily in Spain and Italy. The number of compromised devices has already exceeded 1,000. Read theβ¦
π14β€4π2
Silent Smishing : The Hidden Abuse of Cellular Router APIs
Cellular routerβs API was exploited to send malicious SMS messages containing phishing URLs
https://blog.sekoia.io/silent-smishing-the-hidden-abuse-of-cellular-router-apis/
Cellular routerβs API was exploited to send malicious SMS messages containing phishing URLs
https://blog.sekoia.io/silent-smishing-the-hidden-abuse-of-cellular-router-apis/
Sekoia.io Blog
Silent Smishing : The Hidden Abuse of Cellular Router APIs
How attackers abuse Milesight cellular router APIs to run smishing at scale via unauthenticated SMS endpointsβtargeting Belgium (CSAM/eBox).
β€13π₯6π2
Phones auto-connecting to "FreeWiFi_Secure" Wi-Fi network leak full IMSI in cleartext during EAP-SIM exchange
Anyone nearby with sniffer could capture it β track users, or correlate identities.
Fixed pushed disabling FreeWiFi_Secure on legacy boxes starting Oct 1, 2025.
https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/
Anyone nearby with sniffer could capture it β track users, or correlate identities.
Fixed pushed disabling FreeWiFi_Secure on legacy boxes starting Oct 1, 2025.
https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/
π₯12π₯±4β€2π2
Attacking telecom: security bugs from 2G to 5G, SMS exploits, and SS7 & Diameter protocols
[presentation] https://www.youtube.com/watch?v=364R1SoGGJ4
[presentation] https://www.youtube.com/watch?v=364R1SoGGJ4
π₯15π2