现已上线!2025 年 Telegram 研究 — 年度关键洞察 
Android Security & Malware
前往频道在 Telegram
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
显示更多📈 Telegram 频道 Android Security & Malware 的分析概览
频道 Android Security & Malware (@androidmalware) 英语 语言赛道中的 是活跃参与者。目前社区聚集了 43 900 名订阅者,在 技术与应用 类别中位列第 3 091,并在 美国 地区排名第 725 位。
📊 受众指标与增长动态
自 невідомо 创建以来,项目保持高速增长,吸引了 43 900 名订阅者。
根据 15 六月, 2026 的最新数据,频道保持稳定运转。过去 30 天订阅人数变化为 181,过去 24 小时变化为 19,整体触达仍然可观。
- 认证状态: 未认证
- 互动率 (ER): 平均受众互动率为 12.50%。内容发布后 24 小时内通常能获得 5.13% 的反应,占订阅者总量。
- 帖子覆盖: 每篇帖子平均可获得 5 485 次浏览,首日通常累积 2 250 次浏览。
- 互动与反馈: 受众积极参与,单帖平均反应数为 12。
- 主题关注点: 内容集中在 cve-2025, exploit, rat, trojan, bypass 等核心主题上。
📝 描述与内容策略
作者将该频道定位为表达主观观点的平台:
“Mobile cybersecurity channel
Links: https://linktr.ee/mobilehacker
Contact: mobilehackerofficial@gmail.com”
凭借高频更新(最新数据采集于 16 六月, 2026),频道始终保持新鲜度与高覆盖。分析显示受众积极互动,使其成为 技术与应用 类别中的关键影响点。
43 900
订阅者
+1924 小时
+1077 天
+18130 天
帖子存档
The ColorOS Internet Browser (com.heytap.browser) app for Android allows a remote attacker to execute arbitrary JavaScript code
PoC: https://github.com/actuator/com.heytap.browser
Exploiting Bluetooth: From your car to the bank account
Defcon slides: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Vladyslav%20Zubkov%20Martin%20Strohmeier%20-%20Exploiting%20Bluetooth%20-%20from%20your%20car%20to%20the%20bank%20account%24%24.pdf
RCE on Xiaomi 13 Pro (CVE-2023-26324)
👉Exploitation:
1) Open URL in WebView
2) Inject JavaScript
3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload
4) Get shell
👉Slides with PoC: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf
Exploiting Android’s Hardened Memory Allocator
PoC: https://github.com/HexHive/scudo-exploitation
Paper: https://nebelwelt.net/publications/files/24WOOT.pdf
Android Vulnerability Impacting Millions of Pixel Devices Around the World
https://iverify.io/blog/iverify-discovers-android-vulnerability-impacting-millions-of-pixel-devices-around-the-world
Android Game Hacking: Increase money in Dude Theft Wars Shooting
https://8ksec.io/hacking-android-games/
Dynamic Analysis Technique of Android Malware by Injecting Smali Gadgets
Patch APK with logcat output as alternative to using Frida
https://blogs.jpcert.or.jp/en/2024/08/smaligadget.html
The Way to Android Root: Exploiting Your GPU On Smartphone (CVE-2024-23380)
[slides] https://i.blackhat.com/BH-US-24/Presentations/REVISED_US24-Gong-The-Way-to-Android-Root-Wednesday.pdf
5GBaseChecker: a security analysis framework that helps to hunt for 5G vulnerabilities
https://github.com/SyNSec-den/5GBaseChecker
Google fixed Kernel RCE vulnerability in Android (CVE-2024-36971) that was most-likely used for targeted exploitation
https://source.android.com/docs/security/bulletin/2024-08-01
LianSpy: new Android spyware targeting Russian users
https://securelist.com/lianspy-android-spyware/113253/
Heap overflow in JPEG loading in Samsung's Little Kernel in bootloader allows a privileged attacker to execute persistent arbitrary code (it survives reboots and factory reset) CVE-2024-20832
Paper: https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Article-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf
Slides: https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Slides-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf
BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities
https://intel471.com/blog/blankbot-a-new-android-banking-trojan-with-screen-recording-keylogging-and-remote-control-capabilities
New Fileless Malware Framework "GhostHook" Targets Android Devices
https://iverify.io/post/new-fileless-malware-framework-ghosthook-targets-android-devices
Introducing the new Mobile App Security Weakness Enumeration (MASWE).
This brand new OWASP MAS resource bridges the gap between MASVS high-level controls and MASTG low-level testing, using a similar approach to CWEs.
https://mas.owasp.org/news/2024/07/30/new-maswe/
BingoMod: The new android RAT that steals money and wipes data
https://www.cleafy.com/cleafy-labs/bingomod-the-new-android-rat-that-steals-money-and-wipes-data
Open Redirect in Login Redirect in MobSF (CVE-2024-41955)
Update to MobSF v4.0.5.
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4
iOS Reverse Engineering
https://github.com/GhidraEnjoyr/iOS-Reverse-Engineering
BlueStacks (Android emulator) privilege escalation through VM backdooring (CVE-2024-33352)
https://github.com/mmiszczyk/CVE-2024-33352
Android CraxsRAT strikes in Malaysia
https://www.group-ib.com/blog/craxs-rat-malaysia/
