Available now! Telegram Research 2025 β the year's key insights 
Android Security & Malware
Open in Telegram
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Show moreπ Analytical overview of Telegram channel Android Security & Malware
Channel Android Security & Malware (@androidmalware) in the English language segment is an active participant. Currently, the community unites 43 921 subscribers, ranking 3 072 in the Technologies & Applications category and 720 in the USA region.
π Audience metrics and dynamics
Since its creation on Π½Π΅Π²ΡΠ΄ΠΎΠΌΠΎ, the project has demonstrated rapid growth, gathering an audience of 43 921 subscribers.
According to the latest data from 20 June, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 233 over the last 30 days and by 13 over the last 24 hours, overall reach remains high.
- Verification status: Not verified
- Engagement rate (ER): The average audience engagement rate is 13.42%. Within the first 24 hours after publication, content typically collects 3.72% reactions from the total number of subscribers.
- Post reach: On average, each post receives 5 896 views. Within the first day, a publication typically gains 1 636 views.
- Reactions and interaction: The audience actively supports content: the average number of reactions per post is 13.
- Thematic interests: Content is focused on key topics such as cve-2025, exploit, rat, trojan, bypass.
π Description and content policy
The author describes the resource as a platform for expressing subjective opinions:
βMobile cybersecurity channel
Links: https://linktr.ee/mobilehacker
Contact: mobilehackerofficial@gmail.comβ
Thanks to the high frequency of updates (latest data received on 21 June, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.
43 921
Subscribers
+1324 hours
+617 days
+23330 days
Posts Archive
A short history of telephone hacking: from phreaking to mobile malware
https://bit-sentinel.com/a-short-history-of-telephone-hacking-from-phreaking-to-mobile-malware
Remote Code Execution in Evernote for Android by misusing path traversal vulnerability
https://hackerone.com/reports/1377748
A deep dive inside anti-reverse & universal bypass with Frida
https://raw.githubusercontent.com/FrenchYeti/unrasp/main/Slides/Forging_golden_hammer_against_android_app_protections_INSO22_FINAL.pdf
Remotely steal bearer token via maliciously crafted deep link from Basecamp Android app
https://hackerone.com/reports/1372667
RTLO Injection URI Spoofing in mobile apps (CVE-2020-20093; CVE-2020-20094; CVE-2020-20095; CVE-2020-20096)
Affects all recent distributions of iOS iMessage, WhatsApp, Instagram, and Facebook Messenger as of 2019.8.15.
The user interface does not properly represent critical information to the user, allowing the information to be spoofed. This is often a component in online scams, phishing and disinformation propagation.
https://github.com/zadewg/RIUS
Dirty Pipe temporary root exploit for Android (Pixel 6)
https://github.com/polygraphene/DirtyPipe-Android
Trojanized Android & iOS cryptocurrency wallet apps
Malicious code was inserted in specific place of legit apps manually, which required attacker to perform in-depth analysis of wallet first
https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
When Equal is Not, Another WebView Takeover Story
https://valsamaras.medium.com/when-equal-is-not-another-webview-takeover-story-730be8d6e202
Facestealer Trojan found in Google Play app with 100,000+ installs injects JavaScript to facebook\.com to steal Facebook Accounts credentials
https://threatpost.com/facestealer-trojan-google-play-facebook/179015/
Repost from The Bug Bounty Hunter
Unraveling Assets from Android Apps at Scale
https://bevigil.com/blog/unraveling-assets-from-android-apps-at-scale/
Crypto Scam - CryptoRom - targets vulnerable iPhone (iOS TestFlight and WebClips) and Android users (APK)
How it works:
The campaign works by approaching potential targets through dating apps like Bumble, Tinder, Facebook Dating, and Grindr, before moving the conversation to messaging apps such as WhatsApp and urging the victims to install a cryptocurrency trading application that's designed to mimic popular brands and lock people out of their accounts and freeze their funds.
https://news.sophos.com/en-us/2022/03/16/cryptorom-bitcoin-swindlers-continue-to-target-vulnerable-iphone-and-android-users/
Frida iOS video tutorials
Introduction to Frida and iOS, low-level iOS interfaces (GCD, XPC, IOKit, Mach), and Objective-C instrumentation
Part I: https://youtu.be/h070-YZKOKE
Part II: https://youtu.be/qpEIRe2CP-w
Part III: https://youtu.be/x48y2ehfWGE
Theft of protected files by 3rd party Android app from ownCloud application
https://hackerone.com/reports/1454002
I created a Discord community for a better categorization and visibility of mobile InfoSec posts with option for you to participate and share or ask questions.
Join & share: https://discord.gg/ByrVsEvVTg
Global Mobile Threat Report for 2021:
-30% of the known, zero-day vulnerabilities discovered in 2021 targeted mobile devices
-466% increase in exploited, zero-day vulnerabilities used in active attacks against mobile endpoints
-75% of the phishing sites analyzed specifically targeted mobile devices
-2,034,217 new mobile malware samples were detected
https://blog.zimperium.com/global-mobile-threat-report-key-insights/
iOS Hacking - A Beginner's Guide to Hacking iOS Apps [2022 Edition]
https://martabyte.github.io/ios/hacking/2022/03/13/ios-hacking-en.html
Exploring the archived APKs powering Androidβs new app archiving feature https://blog.esper.io/android-dessert-bites-16-app-archiving-857169/
A attacker can open a malicious url or 3rd party app in NextCloud Talk app https://hackerone.com/reports/1337178
Reverse engineering of a trojanized medical app β Android/Joker
- 4 different stages of DEX & JARs https://cryptax.medium.com/live-reverse-engineering-of-a-trojanized-medical-app-android-joker-632d114073c1
Dirty Pipe vulnerability affects Linux Kernel since 5.8 including Android (CVE-2022-0847)
This issue leads to LPE because unprivileged processes can inject code into root processes
Details and PoC exploit: https://dirtypipe.cm4all.com/
Demo of exploitation: https://www.instagram.com/p/Ca2JIOjgwF6/
