The Rise of Android Arsink Rat
https://zimperium.com/blog/the-rise-of-arsink-rat
https://zimperium.com/blog/the-rise-of-arsink-rat
Zimperium
The Rise of Arsink Rat
true
๐13๐3
Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery
https://www.bitdefender.com/en-us/blog/labs/android-trojan-campaign-hugging-face-hosting-rat-payload
https://www.bitdefender.com/en-us/blog/labs/android-trojan-campaign-hugging-face-hosting-rat-payload
Bitdefender Labs
Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery
Bitdefender researchers discovered an Android RAT campaign that combines social engineering, the resources of Hugging Face and permission abuse
๐10โก4๐2๐คฃ2
Modern iOS Security Features โ A Deep Dive
into SPTM, TXM, and Exclaves
https://arxiv.org/pdf/2510.09272
into SPTM, TXM, and Exclaves
https://arxiv.org/pdf/2510.09272
๐15โค6
Carbonara: The MediaTek exploit nobody served
https://shomy.is-a.dev/blog/article/serving-carbonara
Penumbra is a tool for interacting with Mediatek devices.
It provides flashing and readback capabilities, as well as bootloader unlocking and relocking on vulnerable devices: https://github.com/shomykohai/penumbra
https://shomy.is-a.dev/blog/article/serving-carbonara
Penumbra is a tool for interacting with Mediatek devices.
It provides flashing and readback capabilities, as well as bootloader unlocking and relocking on vulnerable devices: https://github.com/shomykohai/penumbra
โค13๐6
Analysing a Pegasus 0-click Exploit for iOS
Recreated the "Blastpass" iOS exploit in a faked target process, to understand the heap shaping strategy first-hand
https://youtu.be/0JFcDCW3Sis
Recreated the "Blastpass" iOS exploit in a faked target process, to understand the heap shaping strategy first-hand
https://youtu.be/0JFcDCW3Sis
YouTube
Analysing a Pegasus 0-click Exploit for iOS
Are you a security researcher or reverse engineer?
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individualsโฆ
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individualsโฆ
๐17โค9
Deep-C: Android Deep Link misconfiguration detector and exploitation tool
https://github.com/KishorBal/deep-C
https://github.com/KishorBal/deep-C
๐ฅ16โค9๐4๐2
Practical Mobile Traffic Interception
https://medium.com/@justmobilesec/practical-mobile-traffic-interception-1481e33d974e
https://medium.com/@justmobilesec/practical-mobile-traffic-interception-1481e33d974e
Medium
Practical Mobile Traffic Interception
TL;DR#1: The post will discuss a step-by-step guide of how mobile web traffic can be intercepted on current android and ios applicationsโฆ
๐17โค1
Sapsan Terminal: new AIโpowered HID scripting tool that speeds up payload creation and handles the syntax for 15 supported devices (video test)
https://www.mobile-hacker.com/2026/02/03/sapsan-terminal-ai-powered-badusb-script-generator/
https://www.mobile-hacker.com/2026/02/03/sapsan-terminal-ai-powered-badusb-script-generator/
Mobile Hacker
Sapsan Terminal: AI-Powered BadUSB Script Generator - Mobile Hacker
Sapsan Terminal is an AI-driven online platform that simplifies payload generation for hardware-based attacks. Instead of manually writing scripts, you can describe your goal in plain language, and the AI will produce a ready-to-use script in the correctโฆ
๐11๐5โค2๐ค1
FIRST Ever Online Mobile Hacking Conference
Free, worldwide online event bringing the mobile security community together for sessions on mobile hacking, AI, malware, forensics, live mobileโfocused CTF with prizes!
When: March 3 and 4, 2026
Register here: https://www.mobilehackinglab.com/mobile-hacking-conference-registration
Free, worldwide online event bringing the mobile security community together for sessions on mobile hacking, AI, malware, forensics, live mobileโfocused CTF with prizes!
When: March 3 and 4, 2026
Register here: https://www.mobilehackinglab.com/mobile-hacking-conference-registration
๐19
Inside a Multi-Stage Android Malware Campaign Leveraging RTO-Themed Social Engineering
https://www.seqrite.com/blog/inside-a-multi-stage-android-malware-campaign-leveraging-rto-themed-social-engineering/
https://www.seqrite.com/blog/inside-a-multi-stage-android-malware-campaign-leveraging-rto-themed-social-engineering/
Blogs on Information Technology, Network & Cybersecurity | Seqrite
Inside a Multi-Stage Android Malware Campaign Leveraging RTO-Themed Social Engineering
<p>In recent years, Android malware campaigns in India have increasingly abused the trust associated with government services and official digital platforms. By imitating well-known portals and leveraging social engineering through messaging applicationsโฆ
๐14โค6
MobSF has Stored XSS via Manifest Analysis of uploaded APK (CVE-2026-24490 )
https://github.com/advisories/GHSA-8hf7-h89p-3pqj
https://github.com/advisories/GHSA-8hf7-h89p-3pqj
๐44โค2๐คช2
Understanding and Experimenting with Apple's Pointer Authentication Codes (PAC) on iOS
https://blog.reversesociety.co/blog/2026/pointer-authentication-code-for-ios
https://blog.reversesociety.co/blog/2026/pointer-authentication-code-for-ios
๐13๐4
Android Dynamic Class Dumper โ dump all DEX files from running Android apps using Frida
https://github.com/TheQmaks/clsdumper
https://github.com/TheQmaks/clsdumper
GitHub
GitHub - TheQmaks/clsdumper: Android Dynamic Class Dumper โ dump all DEX files from running Android apps using Frida
Android Dynamic Class Dumper โ dump all DEX files from running Android apps using Frida - TheQmaks/clsdumper
โค19๐7๐ฉ7๐2๐1
IPATool: command line tool that allows to download iOS apps on the App Store
https://github.com/majd/ipatool
https://github.com/majd/ipatool
GitHub
GitHub - majd/ipatool: Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS Appโฆ
Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store - majd/ipatool
โค24๐ฅ6๐คฎ5๐2๐ฉ1
How to install OpenClaw on Android and control it via WhatsApp using automated script
Blog: https://www.mobile-hacker.com/2026/02/11/how-to-install-openclaw-on-an-android-phone-and-control-it-via-whatsapp/
Installer script: https://github.com/androidmalware/OpenClaw_Termux
Blog: https://www.mobile-hacker.com/2026/02/11/how-to-install-openclaw-on-an-android-phone-and-control-it-via-whatsapp/
Installer script: https://github.com/androidmalware/OpenClaw_Termux
GitHub
GitHub - androidmalware/OpenClaw_Termux: How to Install OpenClaw on an Android Phone and Control It via WhatsApp
How to Install OpenClaw on an Android Phone and Control It via WhatsApp - androidmalware/OpenClaw_Termux
๐ฅด17๐10๐5๐ฉ3โค2๐คฃ2๐1
Intro to Android WebViews and deep linksโฆand how to exploit them
https://djini.ai/intro-to-android-webviews-and-deep-links-and-how-to-exploit-them/
https://djini.ai/intro-to-android-webviews-and-deep-links-and-how-to-exploit-them/
Djini.ai
Intro to Android WebViews and deep links...and how to exploit them - Djini.ai
Android WebView is a system component that allows applications to render web content directly inside a native app, and it is one of the most widely used building blocks in the Android ecosystem. At the same time, deep links have become the primary way appsโฆ
๐23โค8๐2๐1
phantom-frida:
Build anti-detection Frida server from source
https://github.com/TheQmaks/phantom-frida
Build anti-detection Frida server from source
https://github.com/TheQmaks/phantom-frida
GitHub
GitHub - TheQmaks/phantom-frida: Build anti-detection Frida server from source. ~90 patches covering 16 detection vectors, weeklyโฆ
Build anti-detection Frida server from source. ~90 patches covering 16 detection vectors, weekly auto-builds with random names. - TheQmaks/phantom-frida
๐ฅ16๐7โค2๐1๐1
justapk: Download any APK by package name. 6 sources, automatic fallback, Cloudflare bypass. CLI + Python API
https://github.com/TheQmaks/justapk
https://github.com/TheQmaks/justapk
GitHub
GitHub - TheQmaks/justapk: Download any APK by package name. 6 sources, automatic fallback, Cloudflare bypass. CLI + Python API.
Download any APK by package name. 6 sources, automatic fallback, Cloudflare bypass. CLI + Python API. - TheQmaks/justapk
โค16๐6๐3๐1
JEZAIL: Android pentesting toolkit running fully on rooted devices
https://github.com/zahidaz/jezail
https://github.com/zahidaz/jezail
GitHub
GitHub - zahidaz/jezail: Powerful Android pentesting toolkit running fully on rooted devices.
Powerful Android pentesting toolkit running fully on rooted devices. - zahidaz/jezail
๐12โค7๐4
AWAKE: Android Wiki of Attacks, Knowledge & Exploits
https://zahidaz.github.io/awake/
https://zahidaz.github.io/awake/
zahidaz.github.io
AWAKE
Android Wiki of Attacks, Knowledge & Exploits
๐13๐4