43051
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
How to run virtual iOS 26 iPhone on Apple Silicon Macs, built from Apple’s Private Cloud Compute firmware
https://github.com/wh1te4ever/super-tart-vphone-writeup
Android mental health apps are filled with security flaws
https://www.bleepingcomputer.com/news/security/android-mental-health-apps-with-147m-installs-filled-with-security-flaws/
SURXRAT: From ArsinkRAT roots to LLM Module Downloads Signaling Capability Expansion
https://cyble.com/blog/surxrat-downloads-large-llm-module-from-hugging-face/
Intent Redirection in a Samsung Dialer SVE-2025–1217
happyjester80/intent-redirection-in-a-samsung-dialer-duplicate-sve-2025-1217-0160b0d79a74" rel="nofollow">https://medium.com/@happyjester80/intent-redirection-in-a-samsung-dialer-duplicate-sve-2025-1217-0160b0d79a74
Massiv: When your IPTV app terminates your savings
https://www.threatfabric.com/blogs/massiv-when-your-iptv-app-terminates-your-savings
Deep analysis of a new Keenadu Android botnet (discovered connection between Triada, BADBOX, Vo1d, and Keenadu)
https://securelist.com/keenadu-android-backdoor/118913/
Android Runs ELF Files: Everything Else Is Just Layers
https://blog.azzahid.com/posts/android-runs-elf-files-everything-else-is-just-layers/
JEZAIL: Android pentesting toolkit running fully on rooted devices
https://github.com/zahidaz/jezail
phantom-frida:
Build anti-detection Frida server from source
https://github.com/TheQmaks/phantom-frida
How to install OpenClaw on Android and control it via WhatsApp using automated script
Blog: https://www.mobile-hacker.com/2026/02/11/how-to-install-openclaw-on-an-android-phone-and-control-it-via-whatsapp/
Installer script: https://github.com/androidmalware/OpenClaw_Termux
Android Dynamic Class Dumper — dump all DEX files from running Android apps using Frida
https://github.com/TheQmaks/clsdumper
MobSF has Stored XSS via Manifest Analysis of uploaded APK (CVE-2026-24490 )
https://github.com/advisories/GHSA-8hf7-h89p-3pqj
FIRST Ever Online Mobile Hacking Conference
Free, worldwide online event bringing the mobile security community together for sessions on mobile hacking, AI, malware, forensics, live mobile‑focused CTF with prizes!
When: March 3 and 4, 2026
Register here: https://www.mobilehackinglab.com/mobile-hacking-conference-registration
Practical Mobile Traffic Interception
justmobilesec/practical-mobile-traffic-interception-1481e33d974e" rel="nofollow">https://medium.com/@justmobilesec/practical-mobile-traffic-interception-1481e33d974e
Deep-C: Android Deep Link misconfiguration detector and exploitation tool
https://github.com/KishorBal/deep-C
How Predator spyware defeats iOS recording indicators
https://www.jamf.com/blog/predator-spyware-ios-recording-indicator-bypass-analysis/
A Step-by-Step Guide to Uncovering Vulnerabilities in a Mobile App
https://ahmadaabdulla.medium.com/a-step-by-step-guide-to-uncovering-vulnerabilities-in-a-mobile-app-5a6b05e6b23b
First‑ever Mobile Hacking Conference, happening next week — fully online and completely free.
I’ve summarized everything you need to know in one place — speakers, talks, CTFs, giveaways, free courses, and more.
https://www.mobile-hacker.com/2026/02/23/the-first-mobile-hacking-conference-is-coming-this-march/
MythDetector: Android app designed to detect presence of Frida in Android apps
https://github.com/arvinjangid/MythDetector
The first known Android malware to abuse generative AI (Gemini) in its execution flow
https://www.welivesecurity.com/en/eset-research/promptspy-ushers-in-era-android-threats-using-genai/
What Is Android Application-Level Virtualization
https://blog.azzahid.com/posts/android-app-virtualization/
AWAKE: Android Wiki of Attacks, Knowledge & Exploits
https://zahidaz.github.io/awake/
justapk: Download any APK by package name. 6 sources, automatic fallback, Cloudflare bypass. CLI + Python API
https://github.com/TheQmaks/justapk
Intro to Android WebViews and deep links…and how to exploit them
https://djini.ai/intro-to-android-webviews-and-deep-links-and-how-to-exploit-them/
IPATool: command line tool that allows to download iOS apps on the App Store
https://github.com/majd/ipatool
Understanding and Experimenting with Apple's Pointer Authentication Codes (PAC) on iOS
https://blog.reversesociety.co/blog/2026/pointer-authentication-code-for-ios
Inside a Multi-Stage Android Malware Campaign Leveraging RTO-Themed Social Engineering
https://www.seqrite.com/blog/inside-a-multi-stage-android-malware-campaign-leveraging-rto-themed-social-engineering/
Sapsan Terminal: new AI‑powered HID scripting tool that speeds up payload creation and handles the syntax for 15 supported devices (video test)
https://www.mobile-hacker.com/2026/02/03/sapsan-terminal-ai-powered-badusb-script-generator/
Android Game Hacking (Part I)
justmobilesec/android-mobile-game-hacking-f428aef8eb98" rel="nofollow">https://medium.com/@justmobilesec/android-mobile-game-hacking-f428aef8eb98
Analysing a Pegasus 0-click Exploit for iOS
Recreated the "Blastpass" iOS exploit in a faked target process, to understand the heap shaping strategy first-hand
https://youtu.be/0JFcDCW3Sis