TL;DR: Using our research tool, we discovered that WhatsApp is silently implementing fixes for device fingerprinting privacy…

How does Predator spyware transform from running code into active surveillance? This technical deep-dive reverse-engineers the internal factory architecture that dynamically creates camera monitoring, VoIP interception, and keylogging modules through Unix…

Group-IB researchers detail the inner workings of Chinese tap-to-pay schemes on Telegram and examine the NFC-enabled Android apps fraudsters are using to steal money from victim’s bank cards and mobile wallets remotely.

Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Large Language Models (LLMs). - GitHub - roomkangali/droid-llm-hunter: Droid LLM Hunter is a tool to scan for ...

Dalvik bytecode emulator for Android static analysis | String decryption | Multi-DEX | No Android runtime required - fatalSec/DaliVM

Interact with Frida devices, processes, and scripts directly from your browser. - adityatelange/frida-ui

What's Play Interity API and how to bypass it

my journey in intercepting HTTPS traffic from a APK based on Flutter

Cyble analyzed deVixor, an advanced Android banking RAT with ransomware features actively targeting Iranian users.

Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...

With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the res...

While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our e...

WhisperPair is a family of practical attacks leveraging a flaw in the Google Fast Pair implementation on flagship audio accessories.