43052
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
[beginners] Building an Android Bug Bounty lab - guide to configuring emulators, real devices, proxies, Magisk, Burp, Frida
https://www.yeswehack.com/learn-bug-bounty/android-lab-mobile-hacking-tools
Critical CVE-2025-48539 Android RCE allows an attacker within physical or network proximity, such as Bluetooth or WiFi range, to execute arbitrary code on the device without any user interaction or privileges
https://osv.dev/vulnerability/ASB-A-406785684
https://grok.com/s/bGVnYWN5_f5103b21-64a1-4b1c-beaf-184a290ca23d
SSLPinDetect: Advanced SSL Pinning Detection for Android Security Analysis
Blog: https://petruknisme.medium.com/sslpindetect-advanced-ssl-pinning-detection-for-android-security-analysis-1390e9eca097
Tool: https://github.com/aancw/SSLPinDetect
WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices
https://gbhackers.com/whatsapp-zero-day-vulnerability-exploited-with-0-click-attacks/
GodFather - Part 1 - A multistage dropper
https://shindan.io/blog/godfather-part-1-a-multistage-dropper
Hook Version 3: The Banking Trojan with The Most Advanced Capabilities
https://zimperium.com/blog/hook-version-3-the-banking-trojan-with-the-most-advanced-capabilities
iOS 18.6.1 0-click RCE POC (CVE-2025-43300)
https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-43300.md
Revealing Hidden iOS Apps: Exploring System Applications on Jailbroken Devices
https://reversethat.app/posts/revealing-hidden-system-ios-apps/
ELEGANTBOUNCER: Catch iOS 0-click exploits without having the samples.
Features iOS backup forensics & messaging app scanning for iMessage, WhatsApp, Signal, Telegram & Viber attachments.
https://www.msuiche.com/posts/elegantbouncer-when-you-cant-get-the-samples-but-still-need-to-catch-the-threat/
Hidden Links: Analyzing Secret Families of VPN Apps
https://www.petsymposium.org/foci/2025/foci-2025-0008.pdf
Samsung S24 Exploit Chain Pwn2Own 2024 Walkthrough
happyjester80/samsung-s24-exploit-chain-pwn2own-2024-walkthrough-c7a3da9a7a26" rel="nofollow">https://medium.com/@happyjester80/samsung-s24-exploit-chain-pwn2own-2024-walkthrough-c7a3da9a7a26
Step by Step Complete Beginners guide of iOS penetration testing
https://infosecwriteups.com/step-by-step-complete-beginners-guide-of-ios-penetration-testing-17092c0e0dc7
Android Malware Promises Energy Subsidy to Steal Financial Data
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-malware-promises-energy-subsidy-to-steal-financial-data/
Exposes and Analyzes of ERMAC V3.0 Banking Trojan Full Source Code Leak
https://hunt.io/blog/ermac-v3-banking-trojan-source-code-leak
Gain Control of Rooted Android Devices by Exploiting One Vulnerability in KernelSU
https://zimperium.com/blog/the-rooting-of-all-evil-security-holes-that-could-compromise-your-mobile-device
Reverse engineering of Apple's iOS 0-click CVE-2025-43300
https://blog.quarkslab.com/patch-analysis-of-Apple-iOS-CVE-2025-43300.html
Android Droppers: The Silent Gatekeepers of Malware
https://www.threatfabric.com/blogs/android-droppers-the-silent-gatekeepers-of-malware
SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh
https://cyble.com/blog/sikkahbot-malware-defrauds-students-in-bangladesh/
Threat Actors Use Facebook Ads to Deliver Android Malware
https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide
Sotap — A lightweight .so library for logging the behavior of JNI libraries
https://github.com/RezaArbabBot/SoTap
Mobile & Phone Related OSINT Sites
https://uk-osint.net/mobilephone.html
CADroid: A Cross-combination Attention based Framework for Android Malware Detection
https://www.sciencedirect.com/science/article/abs/pii/S0957417425030623
Fake Website Pages Used to Spread SpyNote Android Malware
https://dti.domaintools.com/spynote-malware-part-2/
Android Document Readers and Deception: Tracking the Latest Updates to Anatsa
https://www.zscaler.com/blogs/security-research/android-document-readers-and-deception-tracking-latest-updates-anatsa
Xiaomi 13 Pro Code Execution via GetApps DOM Cross-Site Scripting (XSS) from Pwn2Own 2023
happyjester80/xiaomi-13-pro-code-execution-via-getapps-dom-cross-site-scripting-xss-6590cf35fb27" rel="nofollow">https://medium.com/@happyjester80/xiaomi-13-pro-code-execution-via-getapps-dom-cross-site-scripting-xss-6590cf35fb27
Full exploit chain of FiberGateway router via public wifi network
https://r0ny.net/FiberGateway-GR241AG-Full-Exploit-Chain/
Lazarus Stealer : Android Malware for Russian Bank Credential Theft Through Overlay and SMS Manipulation
https://www.cyfirma.com/research/lazarus-stealer-android-malware-for-russian-bank-credential-theft-through-overlay-and-sms-manipulation/
Reversing Android Apps: Bypassing Detection Like a Pro
https://www.kayssel.com/newsletter/issue-12/
PhantomCard: New NFC-driven Android malware emerging in Brazil
https://www.threatfabric.com/blogs/phantomcard-new-nfc-driven-android-malware-emerging-in-brazil
Android backdoor spies on employees of Russian business
https://forum.drweb.com/index.php?showtopic=339295