Available now! Telegram Research 2025 β the year's key insights 
Android Security & Malware
Open in Telegram
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Show moreπ Analytical overview of Telegram channel Android Security & Malware
Channel Android Security & Malware (@androidmalware) in the English language segment is an active participant. Currently, the community unites 43 921 subscribers, ranking 3 072 in the Technologies & Applications category and 720 in the USA region.
π Audience metrics and dynamics
Since its creation on Π½Π΅Π²ΡΠ΄ΠΎΠΌΠΎ, the project has demonstrated rapid growth, gathering an audience of 43 921 subscribers.
According to the latest data from 20 June, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 233 over the last 30 days and by 13 over the last 24 hours, overall reach remains high.
- Verification status: Not verified
- Engagement rate (ER): The average audience engagement rate is 13.42%. Within the first 24 hours after publication, content typically collects 3.72% reactions from the total number of subscribers.
- Post reach: On average, each post receives 5 896 views. Within the first day, a publication typically gains 1 636 views.
- Reactions and interaction: The audience actively supports content: the average number of reactions per post is 13.
- Thematic interests: Content is focused on key topics such as cve-2025, exploit, rat, trojan, bypass.
π Description and content policy
The author describes the resource as a platform for expressing subjective opinions:
βMobile cybersecurity channel
Links: https://linktr.ee/mobilehacker
Contact: mobilehackerofficial@gmail.comβ
Thanks to the high frequency of updates (latest data received on 21 June, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.
43 921
Subscribers
+1324 hours
+617 days
+23330 days
Posts Archive
Mobile subscription Trojans and their little tricks
https://securelist.com/mobile-subscription-trojans-and-their-tricks/106412/
Warning: GRIM and Magnus Android Botnets are Underground
https://www.fortinet.com/blog/threat-research/grim-magnus-android-botnets
Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store CVE-2022-28776
This new intent received by the Galaxy App Store could be manipulated in such a way that the Galaxy App Store would be forced to automatically install other applications onto the victim's device without consent
https://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/
Samsung Flow - Any App Can Read The External Storage CVE-2022-28775
A rogue application could use this issue to read contents on the device's external storage without requiring the proper Android permissions
https://labs.f-secure.com/advisories/samsung-flow-any-app-can-read-the-external-storage/
Mobile-Related Threats by Avast for Q1/2022 (Adware, Bankers, PremiumSMS, Ransomware)
https://decoded.avast.io/threatresearch/avast-q1-2022-threat-report/
NahamCon CTF 2022 Write-up: Click Me! Android challenge
https://infosecwriteups.com/nahamcon-ctf-2022-write-up-click-me-android-challenge-63ccba7cb663
Instagram Credentials Stealers: Free Followers or Free Likes
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/instagram-credentials-stealers-free-followers-or-free-likes/
Instagram Credentials Stealer: Disguised as Mod App
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/instagram-credentials-stealer-disguised-as-mod-app/
NetHunter Wi-Fi packet capturing on Android and Rubber Ducky running on smartwatches mobile combo
https://youtube.com/shorts/mepZZu78hSI
Android 13 adds a security feature that BLOCKS users from enabling accessibility services for apps they sideloaded outside of an app store. This is designed to combat banking trojans and spyware that misuse Accessibility APIs
https://blog.esper.io/android-13-sideloading-restriction-harder-malware-abuse-accessibility-apis/
Reverse engineering and analysis of a Android fiscal printer
https://www.shielder.com/blog/2022/04/printing-fake-fiscal-receipts-an-italian-job-p.1/
In 2021 Google blocked 1.2 million policy violating apps from being published on Google Play
- banned 190k malicious and spammy developer accounts in 2021
- closed around 500k developer accounts that are inactive or abandoned
https://security.googleblog.com/2022/04/how-we-fought-bad-apps-and-developers.html
PoC kernel r/w exploit for iOS 15.0 - 15.1.1 that was patched in iOS 15.2 (CVE-2021-30937) https://github.com/potmdehex/multicast_bytecopy
Google Play developers must declare what data their software collects from users of their app.
(Developers can begin declaring how collected data is used starting today, with the deadline to complete their submissions being July 20th, 2022) https://www.bleepingcomputer.com/news/security/google-play-store-now-forces-apps-to-disclose-what-data-is-collected/
Android Bianlian Botnet (AKA Hydra) Trying to Bypass Photo TAN Used for Mobile Banking
https://www.fortinet.com/blog/threat-research/android-bianlian-botnet-mobile-banking
RCE vulnerability found in Qualcomm/MediaTek chips would allow attacker to gain control over a user's multimedia data, including streaming from a compromised machine's camera (CVE-2021-0674, CVE-2021-0675, CVE-2021-30351)
Exploitation: A threat actor could have sent a song (media file) and when played by a potential victim, it could have injected code in the privileged media service. The threat actor could have seen what the mobile phone user sees on their phone.
https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
A Year in Review of 0-days Used In-the-Wild in 2021 by Google
In 2021 there were 7 #Android in-the-wild 0-days detected and disclosed:
- Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
- ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
- Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)
For the 5 total #iOS and macOS in-the-wild 0-days, they targeted 3 different attack surfaces:
- IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
- XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
- CoreGraphics (CVE-2021-30860)
- CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html
Repost from The Bug Bounty Hunter
Mobile MitM: Intercepting your Android App Traffic On the Go
https://www.eff.org/deeplinks/2022/04/mobile-mitm-intercepting-your-android-app-traffic-go
Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious scripts
https://www.bleepingcomputer.com/news/security/windows-11-tool-to-add-google-play-secretly-installed-malware/
Spyware Operation infected 63 targets with Pegasus (iOS), and four others with Candiru (Windows) spyware
-To compromise victims devices was used a previously-undisclosed iOS zero-click vulnerability called HOMAGE used by NSO Group
-Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations. Family members were also infected in some cases
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
