Android Bankers: 4 Campaigns In A Row
https://zimperium.com/blog/android-bankers-4-campaigns-in-a-row
Zimperium
Lorikazz: An Android TV and STB botnet using Tor .onion C2, ENS resolution, and bundled ELF payloads disguised as system libraries to hijack set-top boxes for proxyware operations
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-04-13-LORIKAZZ-ANDROID-IOT.txt
GitHub
Unit42-timely-threat-intel/2026-04-13-LORIKAZZ-ANDROID-IOT.txt at main · PaloAltoNetworks/Unit42-timely-threat-intel
A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence. - PaloAltoNetworks/Unit42-timely-threat-intel
MiningDropper – A Global Modular Android Malware Campaign Operating at Scale
https://cyble.com/blog/miningdropper-global-modular-android-malware/
Cyble
MiningDropper: A Global Android Malware Campaign
Cyble analyzes a surge in an ongoing campaign to deliver MiningDropper — a modular Android malware framework - at scale.
FakeWallet crypto stealer spreading through iOS apps in the App Store
https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/
New NGate variant hides in a trojanized NFC payment app
https://www.welivesecurity.com/en/eset-research/new-ngate-variant-hides-in-a-trojanized-nfc-payment-app/
Welivesecurity
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI.
Bad Connection: Uncovering how global mobile networks themselves have become surveillance infrastructure to spy on location of targets
https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/
The Citizen Lab
Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors
Our investigation uncovers two sophisticated telecom surveillance campaigns and, for the first time, links real-world attack traffic to mobile operator signalling infrastructure. The findings expose how suspected commercial surveillance vendors (CSVs) exploit…
Morpheus: A new Spyware linked to IPS Intelligence
https://osservatorionessuno.org/blog/2026/04/morpheus-a-new-spyware-linked-to-ips-intelligence/
osservatorionessuno.org
Osservatorio Nessuno
KYCShadow: An Android Banking Malware Exploiting Fake KYC Workflows for Credential and OTP Theft
https://www.cyfirma.com/research/kycshadow-an-android-banking-malware-exploiting-fake-kyc-workflows-for-credential-and-otp-theft/
CYFIRMA
KYCShadow: An Android Banking Malware Exploiting Fake KYC Workflows for Credential and OTP Theft - CYFIRMA
Executive Summary: This report presents an analysis of an Android malware masquerading as a bank KYC verification application, distributed via...
apk-info: APK full-featured parser
https://github.com/delvinru/apk-info
GitHub
GitHub - delvinru/apk-info: APK full-featured parser
APK full-featured parser. Contribute to delvinru/apk-info development by creating an account on GitHub.
A Five-Bug Chain to Arbitrary APK Install on Samsung S25
https://bugscale.ch/blog/here-we-go-again-a-five-bug-chain-to-arbitrary-apk-install-on-samsung-s25/
FEMITBOT: Abuse of Telegram Mini Apps for Large-Scale Fraud Campaigns
https://www.ctm360.com/reports/femitbot-telegram-mini-apps-fraud-campaigns
Ctm360
FEMITBOT: Telegram Mini Apps Fraud Report | CTM360
CTM360 report on FEMITBOT abuse of Telegram Mini Apps for large-scale fraud campaigns targeting crypto and financial platforms. Download the full report.
Mirai: Botnet Hijacks ADB-Exposed Android Devices to Target Minecraft Servers
https://hunt.io/blog/xlabs-v1-ddos-for-hire-operation-exposed
hunt.io
xlabs_v1 DDoS-for-Hire Operation Exposed: How an Operator's Debug Build Unraveled a Commercial Game-Server Botnet
A publicly exposed debug build unraveled xlabs_v1, a commercial game-server DDoS-for-hire botnet with 21 flood variants running on bulletproof infrastructure.
Supply-chain attack by North Korea ScarCruft APT group targeting the Yanbian region via backdoor-laced Windows and Android games
https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/
Welivesecurity
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games.
Fake call logs, real payments: How CallPhantom tricks Android users
https://www.welivesecurity.com/en/eset-research/fake-call-logs-real-payments-how-callphantom-tricks-android-users/
Welivesecurity
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down.
[beginners] Android Pentesting Skill
https://github.com/DragonJAR/Android-Pentesting-Skill
GitHub
GitHub - DragonJAR/Android-Pentesting-Skill: Pentesting Skill for Android
Pentesting Skill for Android. Contribute to DragonJAR/Android-Pentesting-Skill development by creating an account on GitHub.
New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps
https://www.threatfabric.com/blogs/new-trickmo-variant-device-take-over-malware-targeting-banking-fintech-wallet-auth-app
ThreatFabric
Perseus is a new Device Takeover (DTO) malware family that specifically looks for user-generated content stored in note taking applications.
New Android interception tool for component communication (IPC) mapping called #noxen for pentesters and bug bounty hunters
Test: https://youtube.com/shorts/JitFuNRCOJ8
Download: https://github.com/frankheat/noxen
YouTube
Android interception tool for component communication (IPC) mapping | noxen | pentest
noxen is an Android runtime interception tool for security research...
How hard can it be to build Frida natively on Android in Termux (without NDK)?
https://qbtau.in/posts/building_frida_on_termux/
Abhi's Blog
How hard can it be to build Frida natively on Android/Termux(without NDK?)
Seriously, How hard can it be?
Android Zero‑Click RCE via Wireless Debugging (CVE‑2026‑0073) + demos
Blog: https://www.mobile-hacker.com/2026/05/12/android-rce-via-wireless-debugging-from-network-access-to-shell/
Video: https://youtu.be/ihEIr0wWklk
YouTube
Android Zero‑Click RCE via Wireless Debugging | CVE‑2026‑0073 Demo
In this video, I break down a critical Android vulnerability ( CVE‑2026‑0073 ) affecting modern versions of Android (14, 15, 16), where a flaw in ADB’s authentication logic can allow an attacker on the same network to gain shell access without user interaction.…
Android Intrusion Logging as a new source of data for forensic analysis
https://securitylab.amnesty.org/latest/2026/05/android-intrusion-logging-as-a-new-source-of-data-for-consensual-forensic-analysis/
Amnesty International Security Lab
Android Intrusion Logging as a new source of data for consensual forensic analysis - Amnesty International Security Lab
Google has today announced the launch of a new ‘Android Intrusion Logging’ feature as part of Android Advanced Protection Mode (AAPM). The new intrusion logging feature promises to be a major aid to digital forensics researchers undertaking investigations…
Inside the Fake RTO Challan Checker: How I Uncovered a Sophisticated Android Spyware Targeting Indians
Part 1: https://medium.com/@singhbkn07/inside-the-fake-rto-challan-checker-how-i-uncovered-a-sophisticated-android-spyware-targeting-8f2da6a9a5a0
Part 2: https://medium.com/@singhbkn07/fake-rto-challan-checker-part-2-cracking-the-payload-mapping-the-operator-and-why-this-is-3eb78e512d7f
Medium
A full technical teardown of a malware campaign hiding behind India’s traffic fine system