Available now! Telegram Research 2025 β the year's key insights 
Android Security & Malware
Open in Telegram
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Show moreπ Analytical overview of Telegram channel Android Security & Malware
Channel Android Security & Malware (@androidmalware) in the English language segment is an active participant. Currently, the community unites 43 912 subscribers, ranking 3 082 in the Technologies & Applications category and 726 in the USA region.
π Audience metrics and dynamics
Since its creation on Π½Π΅Π²ΡΠ΄ΠΎΠΌΠΎ, the project has demonstrated rapid growth, gathering an audience of 43 912 subscribers.
According to the latest data from 16 June, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 190 over the last 30 days and by 17 over the last 24 hours, overall reach remains high.
- Verification status: Not verified
- Engagement rate (ER): The average audience engagement rate is 12.41%. Within the first 24 hours after publication, content typically collects 5.12% reactions from the total number of subscribers.
- Post reach: On average, each post receives 5 451 views. Within the first day, a publication typically gains 2 250 views.
- Reactions and interaction: The audience actively supports content: the average number of reactions per post is 12.
- Thematic interests: Content is focused on key topics such as cve-2025, exploit, rat, trojan, bypass.
π Description and content policy
The author describes the resource as a platform for expressing subjective opinions:
βMobile cybersecurity channel
Links: https://linktr.ee/mobilehacker
Contact: mobilehackerofficial@gmail.comβ
Thanks to the high frequency of updates (latest data received on 17 June, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.
43 912
Subscribers
+1724 hours
+1127 days
+19030 days
Posts Archive
iGoat Challenge Write up
Introduction
https://starkeblog.com/ios/appsec/2024/05/22/igoat-swift.html
Driving forward in Android drivers
Blog: https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html
Presentation: https://archive.org/details/shmoocon2024/Shmoocon2024-SethJenkins-Driving_Forward_in_Android_Drivers.mp4
Proof of concept exploit code(CVE-2023-32832): https://bugs.chromium.org/p/project-zero/issues/detail?id=2470#c4
Operation Celestial Force employs mobile and desktop malware to target Indian entities (GravityRAT, HeavyLift)
https://blog.talosintelligence.com/cosmic-leopard/
Five campaigns targeting Android users in Egypt and Palestine, most probably operated by the Arid Viper APT group. Three of the campaigns are active, distributing Android spyware AridSpy via dedicated websites
https://www.welivesecurity.com/en/eset-research/arid-viper-poisons-android-apps-with-aridspy/
QR code SQL injection and other vulnerabilities in a popular biometric terminal (CVE-2023-3938, CVE-2023-3939, CVE-2023-3940, CVE-2023-3941, CVE-2023-3942, CVE-2023-3943)
https://securelist.com/biometric-terminal-vulnerabilities/112800/
DoS McAfee VPN app via deeplink
McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link (CVE-2024-34406)
https://www.mcafee.com/support/?articleId=000002403&page=shell&shell=article-view
Wpeeper: New Android malware hides behind hacked WordPress sites
https://blog.xlab.qianxin.com/playing-possum-whats-the-wpeeper-backdoor-up-to/
Android (on device) fuzzing using AFL++ Frida Mode
Blog: https://knifecoat.com/Posts/Fuzzing+Redux%2C+leveraging+AFL%2B%2B+Frida-Mode+on+Android+native+libraries
AFL++ Frida Mode Build: https://github.com/FuzzySecurity/afl-frida-build
GoldPickaxe exposed: How Group-IB analyzed the face-stealing iOS Trojan and how to do it yourself
https://www.group-ib.com/blog/goldpickaxe-ios-trojan/
Becoming any Android app via Zygote command injection (CVE-2024-31317)
https://rtx.meta.security/exploitation/2024/06/03/Android-Zygote-injection.html
iOS 16.5.1 safari RCE Analysis (CVE-2023β37450)
[blog] https://medium.com/@enki-techblog/ios-16-5-1-safari-rce-analysis-cve-2023-37450-89bb8583bebc
[slides] https://www.synacktiv.com/sites/default/files/2024-05/escaping_the_safari_sandbox_slides.pdf
Android Universal Root
Rooting Pixel 6 and 7 Pro running Android 13 π
Analysis and Exploitation of CVE-2023-20938 (exploit a use-after-free vulnerability to elevate privileges to root and disable SELinux)
[blog] https://androidoffsec.withgoogle.com/posts/attacking-android-binder-analysis-and-exploitation-of-cve-2023-20938/
[slides] https://androidoffsec.withgoogle.com/posts/attacking-android-binder-analysis-and-exploitation-of-cve-2023-20938/offensivecon_24_binder.pdf
[PoC demo] https://www.youtube.com/watch?v=7qFb6RUHnnU
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-bahrain-government-android-app-steals-personal-data-used-for-financial-fraud/
New dalvik bytecode disassembler and graph view
Blog: https://margin.re/2024/05/dalvik-disassembly/
Github: https://github.com/MarginResearch/dalvik
PS4 PPPwn Exploit: Using Android DroidPPPwn app it is possible to jailbreak PS4
Info: https://wololo.net/2024/05/28/ps4-pppwn-exploit-droidpppwn-port-to-android-phones-version-1-1/
DroidPPPwn: https://github.com/deviato/DroidPPPwn
PCTattletale stalkerware leaks victims' screen recordings to entire Internet
https://www.ericdaigle.ca/pctattletale-leaking-screen-captures/
Technical Analysis of Anatsa (a.k.a. TeaBot) Campaigns: An Android Banking Malware Active in the Google Play Store
https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
Android Firedown Browser app allows a remote attacker to execute arbitrary JavaScript code via an implicit intent (CVE-2024-31974)
https://github.com/actuator/com.solarized.firedown/blob/main/CVE-2024-31974
Fuzzing Android binaries using AFL++ Frida Mode
https://valsamaras.medium.com/fuzzing-android-binaries-using-afl-frida-mode-57a49cf2ca43
Mobile Malware Analysis of Android banking trojan Blackrock
https://8ksec.io/mobile-malware-analysis-part-7-blackrock/
