Available now! Telegram Research 2025 β the year's key insights 
Android Security & Malware
Open in Telegram
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Show moreπ Analytical overview of Telegram channel Android Security & Malware
Channel Android Security & Malware (@androidmalware) in the English language segment is an active participant. Currently, the community unites 43 900 subscribers, ranking 3 091 in the Technologies & Applications category and 725 in the USA region.
π Audience metrics and dynamics
Since its creation on Π½Π΅Π²ΡΠ΄ΠΎΠΌΠΎ, the project has demonstrated rapid growth, gathering an audience of 43 900 subscribers.
According to the latest data from 15 June, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 181 over the last 30 days and by 19 over the last 24 hours, overall reach remains high.
- Verification status: Not verified
- Engagement rate (ER): The average audience engagement rate is 12.50%. Within the first 24 hours after publication, content typically collects 5.13% reactions from the total number of subscribers.
- Post reach: On average, each post receives 5 485 views. Within the first day, a publication typically gains 2 250 views.
- Reactions and interaction: The audience actively supports content: the average number of reactions per post is 12.
- Thematic interests: Content is focused on key topics such as cve-2025, exploit, rat, trojan, bypass.
π Description and content policy
The author describes the resource as a platform for expressing subjective opinions:
βMobile cybersecurity channel
Links: https://linktr.ee/mobilehacker
Contact: mobilehackerofficial@gmail.comβ
Thanks to the high frequency of updates (latest data received on 16 June, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.
43 900
Subscribers
+1924 hours
+1077 days
+18130 days
Posts Archive
Diving into ADB protocol internals (1/2)
https://www.synacktiv.com/publications/diving-into-adb-protocol-internals-12
Android Vo1d malware infected over a million Android TV boxes
It is a backdoor that puts its components in the system storage and, when commanded by attackers, is capable of secretly downloading and installing third-party software
https://news.drweb.com/show/?i=14900&lng=en
Android banking trojan - Ajina - attacks Central Asia: Story of an Uzbek Android Pandemic
https://www.group-ib.com/blog/ajina-malware
Exploiting JavaScript Interface for Unauthorized Access in a Kucoin cryptocurrency exchange Android app
https://hulkvision.github.io/blog/javascript-interface/exploiting-javascript-interface/
A new TrickMo saga: from Banking Trojan to Victim's Data Leak
https://www.cleafy.com/cleafy-labs/a-new-trickmo-saga-from-banking-trojan-to-victims-data-leak
Unburdened By What Has Been: Exploiting New Attack Surfaces in Radio Layer 2 for Baseband RCE on Samsung Exynos
https://labs.taszk.io/articles/post/there_will_be_bugs/
[$12000] How I found 3 Critical 0-click TikTok Account Takeover Vulnerabilities, 2FA bypass & more security issues in TikTokβs system
https://vojtechcekal.medium.com/12000-3-critical-0-click-tiktok-account-takeover-vulnerabilities-2fa-bypass-more-security-78554827cfc3
How to intercepting Android at runtime on non-rooted devices using frida-gadget
https://dispatchersdotplayground.hashnode.dev/intercepting-android-at-runtime-on-non-rooted-devices
Attempted cyberattacks on Ukrainian military systems using mobile malware
https://cert.gov.ua/article/6280563
New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/
GPUAF Using a general GPU exploit tech to attack Pixel 8
We developed an advanced exploit technique capable of transforming a conventional out-of-bounds (OOB) bug into a more potent exploit primitive, specifically a page Use-After-Free (UAF). Utilizing this technique, we successfully exploited a vulnerability in the Pixel series, achieving Kernel Code Execution.
https://www.youtube.com/watch?v=Mw6iCqjOV9Q
New Phishing Campaign Spreads EagleSpy Android Malware
https://www-d3lab-net.translate.goog/nuova-campagna-di-phishing-diffonde-malware-android-eaglespy/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en
Reverse Engineering Obfuscated Flutter App
https://youtu.be/0uUSwMg2suk
Rocinante: Analysis of new Android banking trojan
https://www.threatfabric.com/blogs/the-trojan-horse-that-wanted-to-fly-rocinante
Critical Zip Slip Vulnerability Discovered in Mobile Security Framework (MobSF) could allow malicious actors to execute code remotely on servers running MobSF (CVE-2024-43399)
https://securityonline.info/cve-2024-43399-critical-zip-slip-vulnerability-discovered-in-mobile-security-framework-mobsf
Intercepting iHealth app traffic with Caido and Frida
iHealth Nexus Pro Body Composition Scale only communicates via Bluetooth Low Energy (BLE) to a iHealth mobile app
Blog: https://brownfinesecurity.com/blog/intercepting-mobile-traffic-with-caido-and-frida/
Video: https://youtu.be/GvRi7chKMPI
How to root an Android device for analysis and vulnerability assessment
https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/
Technical Analysis of Copybara
https://threatlabz.zscaler.com/blogs/security-research/technical-analysis-copybara
New Android malware - NGate - relays NFC data from victimsβ payment cards, via victimsβ compromised mobile phones, to attacker's device waiting at an ATM to withdraw cash
https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
Sophisticated phishing method targeted mobile users via Progressive Web Apps (iOS, Android) and WebAPKs (Android) to mimic banking apps. Installing WebAPK apps doesn't warn the victim about installing a third-party application and they even appear to have been installed from the Google Play store
https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/
