43051
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Carbonara: The MediaTek exploit nobody served
https://shomy.is-a.dev/blog/article/serving-carbonara
Penumbra is a tool for interacting with Mediatek devices.
It provides flashing and readback capabilities, as well as bootloader unlocking and relocking on vulnerable devices: https://github.com/shomykohai/penumbra
Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery
https://www.bitdefender.com/en-us/blog/labs/android-trojan-campaign-hugging-face-hosting-rat-payload
Disrupting the World's Largest Residential Proxy Network
https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network
Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/
A Frida-based utility for dynamically extracting native (.so) libraries from Android applications
https://github.com/TheQmaks/soSaver
Android.Phantom trojans are bundled with modded games and popular apps to infiltrate smartphones. They use machine learning and video broadcasts to engage in click fraud
https://news.drweb.com/show/?i=15110&lng=en
Analysis of CVE-2025-43529 (WebKit UAF) + CVE-2025-14174 (ANGLE OOB) exploit chain - iOS Safari
https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis
WPair: app for testing Bluetooth WhisperPair vulnerability in Google's Fast Pair protocol (CVE-2025-36911) https://github.com/zalexdev/wpair-app
Читать полностью…
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
https://projectzero.google/2026/01/pixel-0-click-part-3.html
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
https://projectzero.google/2026/01/pixel-0-click-part-1.html
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0.vercel.app/posts/flutter-ssl-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail/
One-click Telegram IP address leak
https://www.bleepingcomputer.com/news/security/hidden-telegram-proxy-links-can-reveal-your-ip-address-in-one-click/
Video by @0x6rss
Dalvik bytecode emulator for Android static analysis | String decryption | Multi-DEX | No Android runtime required
https://github.com/fatalSec/DaliVM
Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android NFC Malware
https://www.group-ib.com/blog/ghost-tapped-chinese-malware/
WhatsApp Vulnerabilities Leaked Users’ Metadata Including Device’s Operating System Details
TalBeerySec/whatsapp-silent-fix-of-device-fingerprinting-privacy-issue-assessment-the-good-the-not-so-bad-9127b5215e28" rel="nofollow">https://medium.com/@TalBeerySec/whatsapp-silent-fix-of-device-fingerprinting-privacy-issue-assessment-the-good-the-not-so-bad-9127b5215e28
Modern iOS Security Features – A Deep Dive
into SPTM, TXM, and Exclaves
https://arxiv.org/pdf/2510.09272
The Rise of Android Arsink Rat
https://zimperium.com/blog/the-rise-of-arsink-rat
NFCShare (SuperCard X) Android Trojan: NFC card data theft via malicious APK
https://www.d3lab.net/nfcshare-android-trojan-nfc-card-data-theft-via-malicious-apk/
Android and authentication: The Evolution of FIDO Experiences on Android
https://bughunters.google.com/blog/fido
Samsung S23 Ultra: The Ultimate NetHunter Setup(Android 14 Fix)
JanCSG/samsung-s23-ultra-the-ultimate-nethunter-setup-31c1105201d9" rel="nofollow">https://medium.com/@JanCSG/samsung-s23-ultra-the-ultimate-nethunter-setup-31c1105201d9
Firebase APK Security Scanner
Scan Android APKs for Firebase security misconfigurations including open databases, exposed storage buckets, and authentication bypasses
https://github.com/trailofbits/skills/tree/main/plugins/firebase-apk-scanner
Frida-based tool to dump decrypted iOS apps as .ipa from a jailbroken device supports App Store, sideloaded and system
https://github.com/lautarovculic/frida-ipa-extract
WhisperPair: Hijacking Bluetooth Accessories
Using Google Fast Pair.
You can also check if your device is vulnerable
https://whisperpair.eu/
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
https://projectzero.google/2026/01/pixel-0-click-part-2.html
deVixor: An Evolving Android Banking RAT with Ransomware Capabilities Targeting Iran
https://cyble.com/blog/devixor-an-evolving-android-banking-rat-with-ransomware-capabilities-targeting-iran/
Play Integrity API: How It Works & How to Bypass It
https://m4kr0.vercel.app/posts/play-integrity-api-how-it-works--how-to-bypass-it/
Frida-UI: Interact with Frida devices, processes, and scripts directly from your browser
https://github.com/adityatelange/frida-ui
Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Large Language Models (LLMs)
https://github.com/roomkangali/droid-llm-hunter
Predator iOS Malware: Building a Surveillance Framework - Part 1
https://blog.reversesociety.co/blog/2025/predator-ios-malware-surveillance-framework-part-1
Read, write, and emulate NFC cards on jailbroken iPhones
https://github.com/OwnGoalStudio/TrollNFC/