43052
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Hacking Hotspots: Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent Attacks on 5G & 4G LTE Routers
Slides and demos: https://github.com/actuator/DEFCON-33
JMS — Mobile Docker, the container image used by JMS in their mobile-security trainings
Info: justmobilesec/just-mobile-security-jms-mobile-docker-ba1e6b7f131d" rel="nofollow">https://medium.com/@justmobilesec/just-mobile-security-jms-mobile-docker-ba1e6b7f131d
Docker: https://github.com/justmobilesec/just-mobile-security-mobile-docker
Android Malware Targets Indian Banking Users to Steal Financial Info and Mine Crypto
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-malware-targets-indian-banking-users-to-steal-financial-info-and-mine-crypto/
PlayPraetor's evolving threat: How Chinese-speaking actors globally scale an Android RAT
https://www.cleafy.com/cleafy-labs/playpraetors-evolving-threat-how-chinese-speaking-actors-globally-scale-an-android-rat
ToxicPanda: The Android Banking Trojan Targeting Europe
https://www.bitsight.com/blog/toxicpanda-android-banking-malware-2025-study
Debugging the Pixel 8 kernel via KGDB
How to use GDB over a serial connection for debugging the kernel on a Pixel 8
https://xairy.io/articles/pixel-kgdb
The Dark Side of Romance: SarangTrap Extortion Campaign
https://zimperium.com/blog/the-dark-side-of-romance-sarangtrap-extortion-campaign
Deobfuscating Android Apps with Androidmeda LLM: A Smarter Way to Read Obfuscated Code
✅As a bonus, example of deobfuscating Crocodilus Malware
https://www.mobile-hacker.com/2025/07/22/deobfuscating-android-apps-with-androidmeda-a-smarter-way-to-read-obfuscated-code/
Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/unmasking-malicious-apks-android-malware-blending-click-fraud-and-credential-theft/
Android Misconfiguration Leading to Task Hijacking in Caller ID app with 10M+ installs (CVE-2025-7889) + demo
https://github.com/KMov-g/androidapps/blob/main/caller.id.phone.number.block.md
Sending bitcoin over Bluetooth between Bitchat Android and iPhone. Both have a native cashu ecash wallet built in.
The ecash travels directly from phone to phone. the sender needs no internet. It is instant and untraceable digital cash.
Keyboard Input Injection vulnerability in Air Keyboard iOS App Still Unpatched
https://www.mobile-hacker.com/2025/07/17/remote-input-injection-vulnerability-in-air-keyboard-ios-app-still-unpatched/
RaspyJack
Turn a Raspberry Pi Zero 2 W + Waveshare 1.44″ LCD into a pocket-sized, SharkJack-style network multitool.
Key features:
• Recon: Multi-profile Nmap scans
• Shells: Reverse-shell launcher (pick IP on the fly or use a preset)
• Creds Capture: Responder, ARP MITM + sniff, DNS-spoof phishing
• Loot Viewer: Read Nmap / Responder / DNSSpoof logs on the screen
https://github.com/7h30th3r0n3/Raspyjack
Include computers into Bluetooth mesh network for Bitchat app
✅️ More devices = more nodes
✅️ Wider communication range https://github.com/kaganisildak/bitchat-python
Shizuku unlocks advanced functionality on any Android
Using Shizuku app your Android gains ADB (Shell) privileges to remove bloatware, list running processes, open listening ports, view stored Wi-Fi passwords, inspect logcat of other apps, enable/disable specific Android app components etc.
https://www.mobile-hacker.com/2025/07/14/shizuku-unlocking-advanced-android-capabilities-without-root/
From Signal to the Android SDK: Chaining Path Traversal, Mimetype Confusion, Security Check Bypass and File Descriptor Bruteforce for Arbitrary File Access
https://blog.ostorlab.co/signal-arbitrary-file-read.html
Guardio’s like your digital bodyguard - blocking scams, leaks, and shady stuff before it hits.
Think you’re safe online? Let’s put it to the test.
👉 Take our quick Security Quiz and see how protected you really are.
🚫 Bye-bye scam sites & phishing traps
🔔 Instant alerts if your info gets leaked
📱 Real-time protection for all your devices
🎁 Try Guardio free for 7 days - no strings, just safety.
Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed
https://zimperium.com/blog/behind-random-words-doubletrouble-mobile-banking-trojan-revealed
Meet Guardio - a powerful online protection tool that keeps you safe while you browse, shop, and live your digital life.
✅ Blocks scam sites, phishing & malicious pop-ups
✅ Alerts you instantly if your personal info or SSN is leaked
✅ Protects your identity, accounts & mobile in real-time
🎁 Try it for free for 7 days, no strings attached!
RedHook: A New Android Banking Trojan Targeting Users in Vietnam
https://cyble.com/blog/redhook-new-android-banking-targeting-in-vietnam/
🚨 Meet Guardio - a powerful online protection tool that keeps you safe while you browse, shop, and live your digital life.
✅ Blocks scam sites, phishing & malicious pop-ups
✅ Alerts you instantly if your personal info or SSN is leaked
✅ Protects your identity, accounts & mobile in real-time
🎁 Try it FREE for 7 days – plus get up to 72% discount! Give it a try now
Insecure authentication due to missing brute-force protection and runtime manipulation in Two App Studio Journey v5.5.9 for iOS (CVE-2025-41459)
Journey is a journaling app for iOS that stores personal entries and media
https://cirosec.de/en/news/vulnerability-in-two-app-studio-journey/
Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict
https://www.lookout.com/threat-intelligence/article/lookout-discovers-iranian-dchsy-surveillanceware
Lookout Discovers Massistant Chinese Mobile Forensic Tooling
https://www.lookout.com/threat-intelligence/article/massistant-chinese-mobile-forensics
How To Turn Old Android Smartphone into Travel Router With NAS
https://www.mobile-hacker.com/2025/07/21/how-to-turn-old-android-smartphone-into-travel-router-with-nas/
Remote Code Execution Discovered in XTool AnyScan App: Risks to Phones and Vehicles
https://www.nowsecure.com/blog/2025/07/16/remote-code-execution-discovered-in-xtool-anyscan-app-risks-to-phones-and-vehicles/
Konfety Returns: Classic Mobile Threat with New Evasion Techniques
https://zimperium.com/blog/konfety-returns-classic-mobile-threat-with-new-evasion-techniques
Fake Android Money Transfer App Targeting Bengali-Speaking Users
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-money-transfer-app-targeting-bengali-speaking-users/
eSIM might not be as safe as you think: researchers hack and clone numbers
https://security-explorations.com/esim-security.html
Chat without internet via Bluetooth
It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
Info: https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
Download the latest app: https://github.com/permissionlesstech/bitchat-android/releases