Available now! Telegram Research 2025 β the year's key insights 
Android Security & Malware
Open in Telegram
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Show moreπ Analytical overview of Telegram channel Android Security & Malware
Channel Android Security & Malware (@androidmalware) in the English language segment is an active participant. Currently, the community unites 43 891 subscribers, ranking 3 094 in the Technologies & Applications category and 727 in the USA region.
π Audience metrics and dynamics
Since its creation on Π½Π΅Π²ΡΠ΄ΠΎΠΌΠΎ, the project has demonstrated rapid growth, gathering an audience of 43 891 subscribers.
According to the latest data from 14 June, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 168 over the last 30 days and by 10 over the last 24 hours, overall reach remains high.
- Verification status: Not verified
- Engagement rate (ER): The average audience engagement rate is 11.91%. Within the first 24 hours after publication, content typically collects 4.63% reactions from the total number of subscribers.
- Post reach: On average, each post receives 5 227 views. Within the first day, a publication typically gains 2 032 views.
- Reactions and interaction: The audience actively supports content: the average number of reactions per post is 12.
- Thematic interests: Content is focused on key topics such as cve-2025, exploit, rat, trojan, bypass.
π Description and content policy
The author describes the resource as a platform for expressing subjective opinions:
βMobile cybersecurity channel
Links: https://linktr.ee/mobilehacker
Contact: mobilehackerofficial@gmail.comβ
Thanks to the high frequency of updates (latest data received on 15 June, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.
43 891
Subscribers
+1024 hours
+887 days
+16830 days
Posts Archive
A vulnerability in DuckDuckGoβs Android browser allows file exfiltration via malicious intent:// URLs to gain access to a victimβs Sync account data such as account credentials and email protection information (CVE-2025-48464)
https://tuxplorer.com/posts/dont-leave-me-outdated/
EnFeSTDroid: Ensembled feature selection techniques based Android malware detection
https://www.sciencedirect.com/science/article/pii/S0045790625007062
MCGDroid: An Android Malware Classification Method Based on Multi-Feature Class-Call Graph Characterization
https://www.sciencedirect.com/science/article/abs/pii/S016740482500402X
0-click vulnerability in Dolby's DDPlus decoder affected Android (CVE-2025-54957)
A malformed audio file can trigger an out-of-bounds write due to integer overflow in evolution data handlingβleading to memory corruption and crashes.
Android decodes audio messages locally, making this exploitable without user interaction.
Reproduction: Just send a crafted RCS voice message (dolby_android_crash.mp4)
Details: https://project-zero.issues.chromium.org/issues/428075495
+3
New Android BEERUS framework for dynamic analysis & reverse engineering
BEERUS brings Frida auto-injection, sandbox exfiltration, memory dumps, Magisk integration and more for on device app analysis.
https://github.com/hakaioffsec/beerus-android
[beginners] Android Intents: operation, security and examples of attacks
https://mobeta-fr.translate.goog/android-intent-hijacking-pentest-mobile/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en
Modern iOS Security Features β A Deep Dive into SPTM, TXM, and Exclaves
https://arxiv.org/pdf/2510.09272
GhostBat RAT: Inside the Resurgence of RTO-Themed Android Malware
https://cyble.com/blog/ghostbat-rat-inside-the-resurgence-of-rto-themed-android-malware/
APK Tool GUI: GUI for apktool, signapk, zipalign and baksmali utilities
https://github.com/AndnixSH/APKToolGUI
New Pixnapping Attack allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561).
Pixnapping is not fixed and probably affects all Androids.
PoC: Not available yet.
Video demonstrates stealing 2FA codes from Google Authenticator.
ClayRat: A New Android Spyware Targeting Russia
https://zimperium.com/blog/clayrat-a-new-android-spyware-targeting-russia
Android Physical Memory: CVE-2025-21479 Rights Elevation Record
https://dawnslab.jd.com/android_gpu_attack_cve_2025_21479/
Patch Diffing CVE-2024-23265: An iOS Kernel Memory Corruption Vulnerability
https://8ksec.io/patch-diffing-ios-kernel/
Exploit for a vulnerability in the Nothing Phone 2a/CMF Phone 1 secure boot chain (and possibly other MediaTek devices)
Info + PoC: https://github.com/R0rt1z2/fenrir
iOS Crypto Heist: iMessage Zero-Click RCE Chain (CVE-2025-31200, CVE-2025-31201)
CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudioβs AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until patched in iOS 18.4.1 (Apr 16, 2025)
Info: https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
PoC exploit: https://www.dropbox.com/scl/fi/oerpnhq1ui3xfswsszfh2/Audio-clip.amr?rlkey=7n54m1o84poezyipxvd2f9slx&e=3&st=b1tkonvr&dl=0
Two spyware strains - ProSpy & ToSpy - masquerade as Signal and ToTok to infect Androids
https://www.welivesecurity.com/en/eset-research/new-spyware-campaigns-target-privacy-conscious-android-users-uae/
![Attacking telecom: security bugs from 2G to 5G, SMS exploits, and SS7 & Diameter protocols [presentation] https://www.youtube](data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDACgcHiMeGSgjISMtKygwPGRBPDc3PHtYXUlkkYCZlo+AjIqgtObDoKrarYqMyP/L2u71////m8H////6/+b9//j/2wBDASstLTw1PHZBQXb4pYyl+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj/wAARCAAcACgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwBnlolqj+ayhgTjtn0pbdE8smRSI2+6zYyamgiE9gI2+oOOlReXOyYuCfLU52gctQBHdZFrwMFj37is/wCbOcVfuZRPAhRGGDz1x7VUoQFixgNw+WH7tetFT2UvkwdCSW9fpRSbGSKqQt5Z3KuDkjII96dNdKHiG1yp6ccn86sbFkuSGAICA/qarwoJbmWVySykgegoEVzqTiJTDEqjcRzzTPtZupUWRABuwcVZfTYRCAGk4JPUe3tUUVnGJAdzZDe1MC+sYRMKMCipV/1ZoqRn/9k=)
Attacking telecom: security bugs from 2G to 5G, SMS exploits, and SS7 & Diameter protocols
[presentation] https://www.youtube.com/watch?v=364R1SoGGJ4
Phones auto-connecting to "FreeWiFi_Secure" Wi-Fi network leak full IMSI in cleartext during EAP-SIM exchange
Anyone nearby with sniffer could capture it β track users, or correlate identities.
Fixed pushed disabling FreeWiFi_Secure on legacy boxes starting Oct 1, 2025.
https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/
Silent Smishing : The Hidden Abuse of Cellular Router APIs
Cellular routerβs API was exploited to send malicious SMS messages containing phishing URLs
https://blog.sekoia.io/silent-smishing-the-hidden-abuse-of-cellular-router-apis/
Klopatra: exposing a new Android banking trojan operation with roots in Turkey
https://www.cleafy.com/cleafy-labs/klopatra-exposing-a-new-android-banking-trojan-operation-with-roots-in-turkey
