¡Ya disponible! Investigación de Telegram 2025 — los principales insights del año 
Android Security & Malware
Ir al canal en Telegram
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Mostrar más📈 Análisis del canal de Telegram Android Security & Malware
El canal Android Security & Malware (@androidmalware) en el segmento lingüístico de Inglés es un actor destacado. Actualmente la comunidad reúne a 43 915 suscriptores, ocupando la posición 3 078 en la categoría Tecnologías y Aplicaciones y el puesto 727 en la región EEUU.
📊 Métricas de audiencia y dinámica
Desde su creación el невідомо, el proyecto ha mostrado un crecimiento acelerado, reuniendo a 43 915 suscriptores.
Según los últimos datos del 17 junio, 2026, el canal mantiene una actividad estable. En los últimos 30 días la variación de miembros fue de 194, y en las últimas 24 horas de 4, conservando un alto alcance.
- Estado de verificación: No verificado
- Tasa de interacción (ER): El promedio de interacción de la audiencia es 13.17%. Durante las primeras 24 horas tras publicar, el contenido suele obtener 5.02% de reacciones respecto al total de suscriptores.
- Alcance de las publicaciones: Cada publicación recibe en promedio 5 782 visualizaciones. En el primer día suele acumular 2 204 visualizaciones.
- Reacciones e interacción: La audiencia responde de forma activa: el promedio de reacciones por publicación es 12.
- Intereses temáticos: El contenido se centra en temas clave como cve-2025, exploit, rat, trojan, bypass.
📝 Descripción y política de contenido
El autor describe el recurso como un espacio para expresar opiniones subjetivas:
“Mobile cybersecurity channel
Links: https://linktr.ee/mobilehacker
Contact: mobilehackerofficial@gmail.com”
Gracias a la alta frecuencia de actualizaciones (últimos datos recibidos el 18 junio, 2026), el canal mantiene la vigencia y un amplio alcance. La analítica demuestra que la audiencia interactúa activamente con el contenido, lo que lo convierte en un punto de referencia dentro de la categoría Tecnologías y Aplicaciones.
43 915
Suscriptores
+424 horas
+897 días
+19430 días
Archivo de publicaciones
A Year in Review of Zero-Days Exploited In-the-Wild in 2023
-In 2023, there were 97 zero-day vulnerabilities exploited, a significant rise of over 50% compared to 2022 (62 vulnerabilities)
-Espionage was the primary motive behind 48 out of 58 zero-day vulnerabilities analyzed
-Most of the zero-day vulnerabilities found last year were in phones, operating systems, and web browsers
https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf
Malicious proxy malware was found in 28 apps available on Google Play Store. These trojanized apps were overall installed over 3,240,000 times
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes
Address Sanitizer for Bare-metal Firmware
This led to early discovery of memory corruption issues that were easily remediated due to the actionable reports produced by KASan. These builds can be used with fuzzers to detect edge case bugs
https://security.googleblog.com/2024/03/address-sanitizer-for-bare-metal.html
Detecting Banker Malware Installed on Android Devices
https://itnext.io/detecting-banker-malware-installed-on-android-devices-4c96287138e2
BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
▪️automatically scans for devices
▪️store MAC addresses of devices that are no longer visible but have enabled Bluetooth
▪️uses Rubber Ducky payloads
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
SSRF in Mobile Security Framework (MobSF) version 3.9.5 Beta and prior (CVE-2024-29190)
MobSF does not perform any input validation when extracting the hostnames in
android:host, so requests can also be sent to local hostnames. This can lead to server-side request forgery (SSRF). An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3Bluetooth vulnerability allows unauthorized user to record & play audio on Bluetooth speaker via #BlueSpy
Prevention section explains how you can check if your Bluetooth LE speakers/headsets are vulnerable to this attack using nRF Connect app
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/
Oversecured published vulnerability scan reports for 225 Google-owned apps
https://blog.oversecured.com/Oversecured-Apps-Care-Part-1-Vulnerability-disclosure-of-225-Google-apps/
Android crimeware reports on Tambir, Dwphon and Gigabud malware families
https://securelist.com/crimeware-report-android-malware/112121/
[Questionnaire] We are writing here to get some insights from dedicated malware analysis experts. We are a group of experienced researchers, and we developed a state-of-the-art sandbox for Android malware. We are absolutely convinced that it makes sense to bring this technology to the market, but we need to picture your biggest sandbox needs in your daily work. The idea is to grasp what are, in your eyes, the must-haves of a sandbox. Our goal is to shape the product accordingly and make it available in the forthcoming months/next few months. To this end, we prepared a quick (approximately 15-minutes) questionnaire, and it would really mean a lot to us if you could share your valuable feedback. Thanks to this, we hope to offer you soon a gain of efficiency, time and energy in your job.
Questionnaire: https://forms.gle/qJ9ck8UH5WQK6jAZ8
The complexity of reversing Flutter applications
https://www.fortiguard.com/events/5403/nullcon-berlin-2024-the-complexity-of-reversing-flutter-applications
[slides] https://filestore.fortinet.com/fortiguard/research/nullcon.pdf
Analysis of suspicious SMS that leads to install Android malware
https://labs.k7computing.com/index.php/suspicious-text-messages-alert/
A vulnerability (CVE-2023-6241) in the Arm Mali GPU to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled
https://github.blog/2024-03-18-gaining-kernel-code-execution-on-an-mte-enabled-pixel-8/
Android Phishing Scam Using Malware-as-a-Service on the Rise in India
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-phishing-scam-using-malware-as-a-service-on-the-rise-in-india/
LTair: The LTE Air Interface Tool
https://research.nccgroup.com/2024/03/14/ltair-the-lte-air-interface-tool/
Write-up and PoC kernel exploit affecting Pixel 7/8 Pro running Android 14 targeting Mali GPU
https://github.com/0x36/Pixel_GPU_Exploit
The State of Stalkerware in 2023
https://securelist.com/state-of-stalkerware-2023/112135/
Full report: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/03/07160820/The-State-of-Stalkerware-in-2023.pdf
Attack spectrum present in Android environments
https://blog.devsecopsguides.com/attacking-android
Analyze Android apps for security risks in Termux using APKDeepLens
-analyze downloaded or installed apps on device
-scan APKs on the go
-edit the script for custom needs
-works on any non-rooted Android
https://www.mobile-hacker.com/2024/03/11/analyze-installed-android-applications-for-security-risks-in-termux/
Analysis of an Android Malware-as-a-Service Operation (Coper aka Octo banking Trojan)
https://www.team-cymru.com/post/coper-octo-a-conductor-for-mobile-mayhem-with-eight-limbs
