43051
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
SSL Pinning Bypass – Android
https://hardsoftsecurity.es/index.php/2025/11/26/ssl-pinning-bypass-android/
Hunting potential C2 commands in Android malware via Smali string comparison and control flow
https://youtu.be/BVMEHN_D-Gg
Arbitrary App Installation on Intune Managed Android Enterprise BYOD
https://jgnr.ch/sites/android_enterprise.html
Turn Your Old Android Into a Privacy Box!
Pi-hole blocks ads, trackers and shady websites across your entire network - and you can run it on that old Android phone sitting in your drawer!
https://www.mobile-hacker.com/2025/11/25/pi%e2%80%91hole-on-android-turn-your-spare-smartphone-into-a-network%e2%80%91wide-ad%e2%80%91blocker/
RadzaRat: New Android Trojan Disguised as File Manager Emerges with Zero Detection Rate
https://www.certosoftware.com/insights/radzarat-new-android-trojan-disguised-as-file-manager-emerges-with-zero-detection-rate/
Proof-of-concept exploit showing how itunesstored & bookassetd daemons can be abused to escape iOS sandbox restrictions
https://hanakim3945.github.io/posts/download28_sbx_escape/
WhatsApp by the Numbers
I dived into anonymized metadata published after a #WhatsApp security issue that exposed 3.5B phone numbers
-Android rules (81%)
-iOS dominates in rich markets
-Monaco = multi-account heaven
-China is niche but enterprise-heavy
https://www.mobile-hacker.com/2025/11/20/whatsapp-by-the-numbers-what-anonymized-metadata-from-a-security-flaw-reveals/
Sturnus: Mobile Banking Malware bypassing WhatsApp, Telegram and Signal Encryption
https://www.threatfabric.com/blogs/sturnus-banking-trojan-bypassing-whatsapp-telegram-and-signal
One of top-selling digital picture frames from Amazon’s between March and April 2025 comes:
-rooted by default
-runs Android 6
-SELinux security module disabled
-downloads and executes malicious payloads from China-based servers at boot
-17 security issues discovered
report: https://go.quokka.io/hubfs/App-Intel/Technical_Uhale-Digital-Picture-Frame-Security-Assessment.pdf
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail-bd3d04489088
North Korean APT actors exploited ZipperDown vulnerability in Android apps via malicious emails.
One click → overwrite app library → full control.
https://ti.qianxin.com/blog/articles/operation-south-star-en/
Runtime Android Object Instrumentation
https://knifecoat.com/Posts/Runtime+Android+Object+Instrumentation
Fantasy Hub: Analysis of Russian Based Android RAT as M-a-a-S
https://zimperium.com/blog/fantasy-hub-another-russian-based-rat-as-m-a-a-s
Analysis of recent Android NGate malware campaign (NFC relay) in Poland
https://cert.pl/en/posts/2025/11/analiza-ngate/
Demo: https://x.com/androidmalware2/status/1986406590866727047
Exploiting CVE-2025-21479 on a Samsung S23
https://xploitbengineer.github.io/CVE-2025-21479
[beginners] Android Recon for Bug Bounty
Learn how to extract APKs, find hidden endpoints & secrets before exploitation using tools such as:
APKeep, APKTool, apk2url, jadx-gui, MobSF, MARA, Drozer
https://www.yeswehack.com/learn-bug-bounty/android-recon-bug-bounty-guide
Bypassing iOS Frida Detection with LLDB and Frida
https://tonygo.tech/blog/2025/8ksec-ios-ctf-writeup
RelayNFC: The New NFC Relay Malware Targeting Brazil
https://cyble.com/blog/relaynfc-nfc-relay-malware-targeting-brazil/
Is Your Android TV Streaming Box Part of a Botnet?
https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/
GhostAd: Hidden Google Play Adware Drains Devices and Disrupts Millions of Users
https://blog.checkpoint.com/research/ghostad-hidden-google-play-adware-drains-devices-and-disrupts-millions-of-users/
How deep links in mobile apps can be exploited for Remote Code Execution (RCE)
https://medium.com/meetcyber/exploiting-deep-links-for-rce-in-mobile-applications-6806c330c00b
The Phia app for iOS injects JavaScript and still collects almost every URL you visit with their Safari extension. Safari extensions even with Apple’s restrictions
https://gist.github.com/dweinstein/4d827f787ba65b5d0fd05cc9814883c4
A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers
https://github.com/sbaresearch/whatsapp-census
GPT Trade: Fake Google Play Store drops BTMob Spyware and UASecurity Miner on Android Devices
https://www.d3lab.net/gpt-trade-fake-google-play-store-drops-btmob-spyware-and-uasecurity-miner-on-android-devices/
First-ever interview with one of Kali NetHunter developers @yesimxev is live!
We "sat down" and talked about:
His hacking journey.
What are the best smartphone for running NetHunter.
Two newly supported devices revealed.
A sneak peek into his brand-new podcast and more.
https://www.mobile-hacker.com/2025/11/11/inside-the-mind-of-a-kali-nethunter-developer-a-deep-dive-with-yesimxev/
The North Korean state-sponsored KONNI APT group is now using remote wipe tactics to erase Android devices through compromised victim computer
https://www.genians.co.kr/en/blog/threat_intelligence/android
LANDFALL: New Android commercial-grade spyware targeted Samsung Galaxy devices via a WhatsApp zero-click exploit in image parsing (CVE-2025-21042)
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
Android Stalkerware Detection Test
https://www.eff.org/deeplinks/2025/11/eff-teams-av-comparatives-test-android-stalkerware-detection-major-antivirus-apps
Frida JDWP Loader
This tool dynamically attaches Frida to any debuggable Android process over JDWP, enabling runtime instrumentation without root access.
Perfect for dynamic app analysis, quick pentesting, bug bounty
https://github.com/frankheat/frida-jdwp-loader Video demo: https://x.com/androidmalware2/status/1986022672472359017
Analysis of Android DeliveryRAT
https://www.f6.ru/blog/android-deliveryrat-research/