¡Ya disponible! Investigación de Telegram 2025 — los principales insights del año 
Android Security & Malware
Ir al canal en Telegram
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Mostrar más📈 Análisis del canal de Telegram Android Security & Malware
El canal Android Security & Malware (@androidmalware) en el segmento lingüístico de Inglés es un actor destacado. Actualmente la comunidad reúne a 43 921 suscriptores, ocupando la posición 3 072 en la categoría Tecnologías y Aplicaciones y el puesto 720 en la región EEUU.
📊 Métricas de audiencia y dinámica
Desde su creación el невідомо, el proyecto ha mostrado un crecimiento acelerado, reuniendo a 43 921 suscriptores.
Según los últimos datos del 20 junio, 2026, el canal mantiene una actividad estable. En los últimos 30 días la variación de miembros fue de 233, y en las últimas 24 horas de 13, conservando un alto alcance.
- Estado de verificación: No verificado
- Tasa de interacción (ER): El promedio de interacción de la audiencia es 13.42%. Durante las primeras 24 horas tras publicar, el contenido suele obtener 3.72% de reacciones respecto al total de suscriptores.
- Alcance de las publicaciones: Cada publicación recibe en promedio 5 896 visualizaciones. En el primer día suele acumular 1 636 visualizaciones.
- Reacciones e interacción: La audiencia responde de forma activa: el promedio de reacciones por publicación es 13.
- Intereses temáticos: El contenido se centra en temas clave como cve-2025, exploit, rat, trojan, bypass.
📝 Descripción y política de contenido
El autor describe el recurso como un espacio para expresar opiniones subjetivas:
“Mobile cybersecurity channel
Links: https://linktr.ee/mobilehacker
Contact: mobilehackerofficial@gmail.com”
Gracias a la alta frecuencia de actualizaciones (últimos datos recibidos el 21 junio, 2026), el canal mantiene la vigencia y un amplio alcance. La analítica demuestra que la audiencia interactúa activamente con el contenido, lo que lo convierte en un punto de referencia dentro de la categoría Tecnologías y Aplicaciones.
43 921
Suscriptores
+1324 horas
+617 días
+23330 días
Archivo de publicaciones
Mobile subscription Trojans and their little tricks
https://securelist.com/mobile-subscription-trojans-and-their-tricks/106412/
Warning: GRIM and Magnus Android Botnets are Underground
https://www.fortinet.com/blog/threat-research/grim-magnus-android-botnets
Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store CVE-2022-28776
This new intent received by the Galaxy App Store could be manipulated in such a way that the Galaxy App Store would be forced to automatically install other applications onto the victim's device without consent
https://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/
Samsung Flow - Any App Can Read The External Storage CVE-2022-28775
A rogue application could use this issue to read contents on the device's external storage without requiring the proper Android permissions
https://labs.f-secure.com/advisories/samsung-flow-any-app-can-read-the-external-storage/
Mobile-Related Threats by Avast for Q1/2022 (Adware, Bankers, PremiumSMS, Ransomware)
https://decoded.avast.io/threatresearch/avast-q1-2022-threat-report/
NahamCon CTF 2022 Write-up: Click Me! Android challenge
https://infosecwriteups.com/nahamcon-ctf-2022-write-up-click-me-android-challenge-63ccba7cb663
Instagram Credentials Stealers: Free Followers or Free Likes
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/instagram-credentials-stealers-free-followers-or-free-likes/
Instagram Credentials Stealer: Disguised as Mod App
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/instagram-credentials-stealer-disguised-as-mod-app/
NetHunter Wi-Fi packet capturing on Android and Rubber Ducky running on smartwatches mobile combo
https://youtube.com/shorts/mepZZu78hSI
Android 13 adds a security feature that BLOCKS users from enabling accessibility services for apps they sideloaded outside of an app store. This is designed to combat banking trojans and spyware that misuse Accessibility APIs
https://blog.esper.io/android-13-sideloading-restriction-harder-malware-abuse-accessibility-apis/
Reverse engineering and analysis of a Android fiscal printer
https://www.shielder.com/blog/2022/04/printing-fake-fiscal-receipts-an-italian-job-p.1/
In 2021 Google blocked 1.2 million policy violating apps from being published on Google Play
- banned 190k malicious and spammy developer accounts in 2021
- closed around 500k developer accounts that are inactive or abandoned
https://security.googleblog.com/2022/04/how-we-fought-bad-apps-and-developers.html
PoC kernel r/w exploit for iOS 15.0 - 15.1.1 that was patched in iOS 15.2 (CVE-2021-30937) https://github.com/potmdehex/multicast_bytecopy
Google Play developers must declare what data their software collects from users of their app.
(Developers can begin declaring how collected data is used starting today, with the deadline to complete their submissions being July 20th, 2022) https://www.bleepingcomputer.com/news/security/google-play-store-now-forces-apps-to-disclose-what-data-is-collected/
Android Bianlian Botnet (AKA Hydra) Trying to Bypass Photo TAN Used for Mobile Banking
https://www.fortinet.com/blog/threat-research/android-bianlian-botnet-mobile-banking
RCE vulnerability found in Qualcomm/MediaTek chips would allow attacker to gain control over a user's multimedia data, including streaming from a compromised machine's camera (CVE-2021-0674, CVE-2021-0675, CVE-2021-30351)
Exploitation: A threat actor could have sent a song (media file) and when played by a potential victim, it could have injected code in the privileged media service. The threat actor could have seen what the mobile phone user sees on their phone.
https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
A Year in Review of 0-days Used In-the-Wild in 2021 by Google
In 2021 there were 7 #Android in-the-wild 0-days detected and disclosed:
- Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
- ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
- Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)
For the 5 total #iOS and macOS in-the-wild 0-days, they targeted 3 different attack surfaces:
- IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
- XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
- CoreGraphics (CVE-2021-30860)
- CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html
Repost from The Bug Bounty Hunter
Mobile MitM: Intercepting your Android App Traffic On the Go
https://www.eff.org/deeplinks/2022/04/mobile-mitm-intercepting-your-android-app-traffic-go
Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious scripts
https://www.bleepingcomputer.com/news/security/windows-11-tool-to-add-google-play-secretly-installed-malware/
Spyware Operation infected 63 targets with Pegasus (iOS), and four others with Candiru (Windows) spyware
-To compromise victims devices was used a previously-undisclosed iOS zero-click vulnerability called HOMAGE used by NSO Group
-Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations. Family members were also infected in some cases
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
