现已上线!2025 年 Telegram 研究 — 年度关键洞察 
Android Security & Malware
前往频道在 Telegram
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
显示更多📈 Telegram 频道 Android Security & Malware 的分析概览
频道 Android Security & Malware (@androidmalware) 英语 语言赛道中的 是活跃参与者。目前社区聚集了 44 091 名订阅者,在 技术与应用 类别中位列第 3 046,并在 美国 地区排名第 701 位。
📊 受众指标与增长动态
自 невідомо 创建以来,项目保持高速增长,吸引了 44 091 名订阅者。
根据 26 六月, 2026 的最新数据,频道保持稳定运转。过去 30 天订阅人数变化为 373,过去 24 小时变化为 28,整体触达仍然可观。
- 认证状态: 未认证
- 互动率 (ER): 平均受众互动率为 13.37%。内容发布后 24 小时内通常能获得 3.68% 的反应,占订阅者总量。
- 帖子覆盖: 每篇帖子平均可获得 5 893 次浏览,首日通常累积 1 622 次浏览。
- 互动与反馈: 受众积极参与,单帖平均反应数为 12。
- 主题关注点: 内容集中在 cve-2025, exploit, rat, trojan, bypass 等核心主题上。
📝 描述与内容策略
作者将该频道定位为表达主观观点的平台:
“Mobile cybersecurity channel
Links: https://linktr.ee/mobilehacker
Contact: mobilehackerofficial@gmail.com”
凭借高频更新(最新数据采集于 27 六月, 2026),频道始终保持新鲜度与高覆盖。分析显示受众积极互动,使其成为 技术与应用 类别中的关键影响点。
44 091
订阅者
+2824 小时
+1637 天
+37330 天
帖子存档
Android backdoor found on Google Play in OpenGL Plugin app
https://news.drweb.com/show/?i=13349&lng=en
58 HiddenAds Trojans with over 8,200,000 installs found on Google Play
https://twitter.com/m0br3v/status/1149621258671099907?s=19
Fake DeepNude Downloads Gives You Malware Instead of Nudes
A brief search on YouTube indicates that the campaign started a week ago. The latest video linking to a file in the description was uploaded on Wednesday and has almost 1,000 views; it links to an Android app.
https://www.bleepingcomputer.com/news/security/fake-deepnude-downloads-gives-you-malware-instead-of-nudes/
iOS URL Scheme Susceptible to Hijacking
Abuse of the URL Scheme can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads, and more.
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/
The first Bluetooth hair straighteners can be easily hacked #IoT
As there is no pairing or bonding established over BLE when connecting a phone, anyone in range with the app can take control of the straighteners.
https://www.pentestpartners.com/security-blog/burning-down-the-house-with-iot/
How to set up quick Android malware or bug bounty analysis lab
1.0) Install Android 8.1 Oreo in Virtual Machine: https://techsviewer.com/install-android-in-virtual-machine-vmware-and-virtualbox
1.1) Android 8.1 in qemu and Burp Suite SSL interception: https://astr0baby.wordpress.com/2019/07/09/android-8-1-in-qemu-and-burp-suite-ssl-interception/
2) Set up SSL PINNING IN 10 MINUTES WITH FRIDA: https://omespino.com/tutorial-universal-android-ssl-pinning-in-10-minutes-with-frida/
3) Download apps or malware to test: https://koodous.com/apksAnalysis of Agent Smith: A New Species of Mobile Malware
https://research.checkpoint.com/agent-smith-a-new-species-of-mobile-malware/
Android Debug Bridge commands 💻📲
ADB commands are executed from PC on a connected Android deviceNew Android malware replaces legitimate apps with ad-infested doppelgangers.
The vast majority of victims are located in India (15.2 million), Bangladesh (2.5 million), and Pakistan (1.7 million).
The Agent Smith malware uses the Janus technique to inject malicious code inside a legitimate app, but without affecting its MD5 file hash.
https://www.zdnet.com/article/new-android-malware-replaces-legitimate-apps-with-ad-infested-doppelgangers/
New FinFisher spy infects iOS (jailbreak) and Android devices.
FinFisher has been sold to governments all over the world. For iOS it doesn't use any exploit but manual installation is required.
Targets popular messaging apps.
https://securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/
Towards Understanding Android System Vulnerabilities: Techniques and Insights
https://daoyuan14.github.io/slides/AsiaCCS19_slides_Daoyuan.pdf
iOS13 beta 2 notifies user when apps report excessive location tracking
https://www.reddit.com/r/ios/comments/cb4769/ios_13_public_beta_2_notifies_when_apps_report/
QCSuper: open-source tool that enables you to passively capture raw 2G/3G/4G frames by rooted Qualcomm-based Android phone or dongle
https://labs.p1sec.com/2019/07/09/presenting-qcsuper-a-tool-for-capturing-your-2g-3g-4g-air-traffic-on-qualcomm-based-phones/
Four Ways The Bad Guys Attack Mobile Devices
▪️Network based attacks
▪️Device exploits
▪️Phishing attacks
▪️Malicious apps
https://blog.zimperium.com/not-fathers-endpoint-four-ways-bad-guys-attack-mobile-devices/
Analysis of subscription scam iOS apps found on App Store.
These are apps that are free to download and then ask you to subscribe right on launch. https://ivrodriguez.com/investigating-some-subscription-scam-ios-apps/
Australian Federal Police admits to spying on journalists
The authorities used a 2015 amendment to espionage legislation that forces telecommunications companies to keep phone and Internet records, as well as other metadata, of users for up to two years.
https://www.theguardian.com/australia-news/2019/jun/04/federal-police-raid-home-of-news-corp-journalist-annika-smethurst
Hackers exploit 7-Eleven mobile app's poorly designed password reset function to make unwanted charges on 900 customers' accounts.
https://www.zdnet.com/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/
Android malware hidden inside VirtualApp sandbox. #chinese
http://blog.avlsec.com/2019/07/5393/virtualapp%e6%8a%80%e6%9c%af%e5%ba%94%e7%94%a8%e5%8f%8a%e5%ae%89%e5%85%a8%e5%88%86%e6%9e%90%e6%8a%a5%e5%91%8a/
iOS 13 beta 3 available only for developers already exploited and got root shell #JailBreak
Exploit code is not released.
https://twitter.com/iBSparkes/status/1147830471440633858
Over 1,000 Android apps harvest data even after you deny permissions.
Apps used workarounds that would take personal data from sources like Wi-Fi connections and metadata stored in photos.
Fix won’t come until Android Q.
https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/
PDF: www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf
