Telegram channel androidmalware - Android Security & Malware

42251

Mobile cybersecurity channel
Links: https://linktr.ee/mobilehacker
Contact: mobilehackerofficial@gmail.com

Android Security & Malware

Frida JDWP Loader
This tool dynamically attaches Frida to any debuggable Android process over JDWP, enabling runtime instrumentation without root access.
Perfect for dynamic app analysis, quick pentesting, bug bounty
https://github.com/frankheat/frida-jdwp-loader
Video demo: https://x.com/androidmalware2/status/1986022672472359017

Analysis of Android DeliveryRAT
https://www.f6.ru/blog/android-deliveryrat-research/

Spyrtacus: Italian Surveillanceware Targets Android via Telecom
https://www.secureblink.com/threat-research/spyrtacus-italian-surveillanceware-targets-android-via-telecom-phishing

[beginners] Deep dive into Android Pentesting
Covered everything from static & dynamic analysis, Frida, Drozer, SSL pinning bypass, deep links, broadcast receivers, and more
If you're into mobile security, this one's packed with real-world scenarios & tools
https://coal-memory-97b.notion.site/Android-Pentest-1f6923af30cc80bdafa4f3c581f4c5f8

New Android Malware Herodotus Mimics Human Behaviour to Evade Detection
https://www.threatfabric.com/blogs/new-android-malware-herodotus-mimics-human-behaviour-to-evade-detection

How 1-click iOS exploit chains work (WebKit exploitation basics)
https://youtu.be/o6mVgygo-hk

Modding And Distributing Mobile Apps with Frida
https://pit.bearblog.dev/modding-and-distributing-mobile-apps-with-frida/

HyperRat – A New Android RAT Sold On Cybercrime Networks
https://iverify.io/blog/hyperrat-a-new-android-rat-sold-on-cybercrime-networks

Practical Android Pentesting: A Case Study on TikTok RCE
https://dphoeniixx.medium.com/practical-android-pentesting-a-case-study-on-tiktok-rce-4a82e79cc7c6

A vulnerability in DuckDuckGo’s Android browser allows file exfiltration via malicious intent:// URLs to gain access to a victim’s Sync account data such as account credentials and email protection information (CVE-2025-48464)
https://tuxplorer.com/posts/dont-leave-me-outdated/

MCGDroid: An Android Malware Classification Method Based on Multi-Feature Class-Call Graph Characterization
https://www.sciencedirect.com/science/article/abs/pii/S016740482500402X

New Android BEERUS framework for dynamic analysis & reverse engineering
BEERUS brings Frida auto-injection, sandbox exfiltration, memory dumps, Magisk integration and more for on device app analysis.
https://github.com/hakaioffsec/beerus-android

Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves
https://arxiv.org/pdf/2510.09272

APK Tool GUI: GUI for apktool, signapk, zipalign and baksmali utilities
https://github.com/AndnixSH/APKToolGUI

ClayRat: A New Android Spyware Targeting Russia
https://zimperium.com/blog/clayrat-a-new-android-spyware-targeting-russia

Exploiting CVE-2025-21479 on a Samsung S23
https://xploitbengineer.github.io/CVE-2025-21479

Analysis of Android/BankBot-YNRK Mobile Banking Trojan
https://www.cyfirma.com/research/investigation-report-android-bankbot-ynrk-mobile-banking-trojan/

The Rise of NFC Relay Malware on Mobile Devices
Cybercriminals are spreading NFC relay malware that tricks you into placing your card against your phone’s NFC chip. Once you do, the malware silently captures and relays your card data to fraudsters, who can use it for unauthorized payments or ATM withdrawals.
Reports show these scams are growing fast across the globe, with hundreds of malicious apps already detected.
https://zimperium.com/blog/tap-and-steal-the-rise-of-nfc-relay-malware-on-mobile-devices

GhostGrab is a new Android malware blending crypto mining with banking credential theft.
It hijacks SMS OTPs, harvests PII, and runs a hidden Monero miner—draining battery while stealing funds.
It compromised over 30 devices, and its C&C server leaks over 2800 victim SMS messages.
https://www.cyfirma.com/research/ghostgrab-android-malware/

A vulnerability in Google Messages for Wear OS resulted in invoking intents to send messages without permission (CVE-2025-12080) and was awarded $2,250.00 by Google
Blog: https://towerofhanoi.it/writeups/cve-2025-12080/
PoC: https://github.com/io-no/CVE-Reports/tree/main/CVE-2025-12080

Android backdoor hijacks Telegram accounts, gaining complete control over them
https://news.drweb.com/show/?i=15076&lng=en&c=5

Samsung Galaxy S25 pwned
Yesterday at Pwn2Own Ken Gannon and Dimitrios Valsamaras used five different bugs to exploit the Samsung Galaxy S25 and earn $50,000

Patching Android ARM64 library initializers for easy Frida instrumentation and debugging
https://blog.nviso.eu/2025/10/14/patching-android-arm64-library-initializers-for-easy-frida-instrumentation-and-debugging/

Account takeover in Android app via JavaScript bridge
A misconfigured addJavascriptInterface + flawed domain validation + javascript:// trick enabled full cookie exfiltration via WebView.
Exploit chain: JSB dispatcher → file access handler → bypass via newline injection.
Payload:
Delivered via deeplink.
Executed JSB call to toBase64.
Read Cookies file from app sandbox.
Exfiltrated session data via callback.
https://tuxplorer.com/posts/account-takeover-via-jsb/

EnFeSTDroid: Ensembled feature selection techniques based Android malware detection
https://www.sciencedirect.com/science/article/pii/S0045790625007062

0-click vulnerability in Dolby's DDPlus decoder affected Android (CVE-2025-54957)
A malformed audio file can trigger an out-of-bounds write due to integer overflow in evolution data handling—leading to memory corruption and crashes.
Android decodes audio messages locally, making this exploitable without user interaction.
Reproduction: Just send a crafted RCS voice message (dolby_android_crash.mp4)
Details: https://project-zero.issues.chromium.org/issues/428075495

[beginners] Android Intents: operation, security and examples of attacks
https://mobeta-fr.translate.goog/android-intent-hijacking-pentest-mobile/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en

GhostBat RAT: Inside the Resurgence of RTO-Themed Android Malware
https://cyble.com/blog/ghostbat-rat-inside-the-resurgence-of-rto-themed-android-malware/

New Pixnapping attack allows any Android app without permissions to leak info displayed by other apps by exploiting Android APIs and a hardware side channel (CVE-2025-48561)
Pixnapping is not fixed and probably affects all Androids.
PoC: Not available yet.
The video demonstrates stealing 2FA codes from Google Authenticator. It's like taking a screenshot. Pixnapping exploits a side channel that allows the malicious app to map the pixels at those coordinates to letters, numbers, or shapes.
Info: https://www.pixnapping.com/

Android Physical Memory: CVE-2025-21479 Rights Elevation Record
https://dawnslab.jd.com/android_gpu_attack_cve_2025_21479/
