Mobile Hacker's Avatar

Mobile Hacker

@mobilehacker.bsky.social

Mobile Offensive Security Android malware analysis https://mobile-hacker.com

216 Followers  |  1 Following  |  39 Posts  |  Joined: 28.11.2023  |  1.5909

Latest posts by mobilehacker.bsky.social on Bluesky

Post image

CVE-2025-10184 is permission bypass that affects multiple OnePlus devices running OxygenOS 12–15 (NOT FIXED) with PoC
This vulnerability allows any application installed on the device to read SMS/MMS without permission, user interaction, or consent.
www.rapid7.com/blog/post/cv...

25.09.2025 12:55 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Deobfuscating Android Apps with Androidmeda: A Smarter Way to Read Obfuscated Code I came across a new toolβ€”Androidmedaβ€”that caught my attention. It attempts to deobfuscate decompiled Android code using a large language model (LLMs). I decided to give it a try, and to my surprise, t...

Deobfuscating Android Apps with Androidmeda LLM: A Smarter Way to Read Obfuscated Code

βœ…As a bonus, example of deobfuscating Crocodilus Malware
www.mobile-hacker.com/2025/07/22/d...

23.07.2025 08:14 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
How To Turn Old Android Smartphone into Travel Router With NAS Mobile Hacker It’s not perfect, but it worksβ€”a clever DIY project that blends portability, privacy, and practicality.

How To Turn Old Android Smartphone into Travel Router With NAS
www.mobile-hacker.com/2025/07/21/h...

21.07.2025 08:39 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Remote Input Injection vulnerability in Air Keyboard iOS App Still Unpatched On June 13, 2025 was disclosed vulnerability in the iOS version of the Air Keyboard app that exposes users to remote input injection over Wi-Fi. The flaw, documented in CXSecurity Report, allows an at...

Keyboard Input Injection vulnerability in Air Keyboard iOS App Still Unpatched
www.mobile-hacker.com/2025/07/17/r...

17.07.2025 07:41 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Offline, Encrypted, and Private Messaging using new Bitchat Bluetooth App Bitchat app is designed for private, secure communication without needing the internet. Instead, it uses a Bluetooth mesh network, meaning your messages travel directly between nearby phones β€” no serv...

The first version of Bitchat Android app was published yesterday

It is open-source, private, secure messaging app without needing the internet, that relies on Bluetooth mesh network
www.mobile-hacker.com/2025/07/10/o...

10.07.2025 09:56 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

How to Install Gemini CLI on Android using Termux
www.mobile-hacker.com/2025/07/09/h...

09.07.2025 07:31 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Vibe Hacking with Nmap using Android
www.mobile-hacker.com/2025/07/07/v...

07.07.2025 08:57 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Introducing FileFix – A New Alternative to ClickFix Attacks A new browser attack vectors just dropped, and it’s called FileFix β€” an alternative to the well-known ClickFix attack. This method, discovered and shared by mrd0x, shows how attackers can to execute c...

FileFix – New Alternative to ClickFix Attack
www.mobile-hacker.com/2025/06/24/i...

24.06.2025 14:53 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
How to Run ADB and Fastboot on a Non-Rooted Android Smartphone Using Termux Thanks to Termux and the clever termux-adb project, you can run ADB and Fastboot directly from your phone β€” no computer needed. This guide breaks down how to install it, how it works, and practical us...

How to use ADB & fastboot in Termux without root

You can use non-rooted Android to unlock bootloader, run ADB commands, remove bloatware, flash ROM, or even root another Android
www.mobile-hacker.com/2025/06/16/h...

16.06.2025 07:33 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Stryker App Goes Free: The Ultimate Mobile Pentesting Toolkit Stryker is a powerful mobile app that transforms your Android device into a pentesting workspace. Designed to help you test networks and devices for common vulnerabilities without requiring specialize...

Stryker - Android pentesting app with premium access now free until 2050!
Scan networks, launch exploits, and test web appsβ€”all from your phone
Bonus: includes a list of suggested WiFi adapters and SimpleUSB tool for identifying USB devices on the go
www.mobile-hacker.com/2025/06/12/s...

12.06.2025 09:45 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Seeker: How a Simple Link Can Reveal Your Smartphone’s Location What if someone could pinpoint your smartphone's location and gather detailed device information without you ever installing a malicious app? This is precisely what the Seeker tool is designed to demo...

Locating Smartphones Using Seeker: How a Simple Link Can Reveal Your Smartphone’s Location
www.mobile-hacker.com/2025/06/10/s...

10.06.2025 23:28 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
Transform Your Old Smartphone into a Pocket Cyberdeck with Kali NetHunter This setup serves as a convenient alternative to carrying a full-sized laptop or struggling with a smartphone’s virtual keyboard for complex technical tasks. It offers comfortable typing and an effici...

Transform Your Old Smartphone into a Pocket Cyberdeck with Kali NetHunter

Tutorial on how to 3D-print a minimalist palmtop-style case for Google Pixel 3 XL and install NetHunter on it with custom kernel
www.mobile-hacker.com/2025/06/06/t...

06.06.2025 06:48 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Analysis of Spyware That Helped to Compromise a Syrian Army from Within This case demonstrates that effective smartphone espionage doesn't always require expensive zero-day exploits or the development of sophisticated, custom and undetected spyware. Instead, attackers can...

Analysis of Spyware That Helped to Compromise a Syrian Army from Within
πŸ‘‰ Smartphone espionage doesn’t need expensive exploits. Cheap tools like SpyMax with targeted phishing a social engineering can breach even military targets - no 0-days required
www.mobile-hacker.com/2025/06/05/a...

05.06.2025 08:10 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Security Issues Found in preinstalled apps on Android Smartphones Security researchers have uncovered several critical vulnerabilities in applications preloaded on Ulefone and KrΓΌger&Matz Android smartphones. These flaws, reported by CERT Polska, expose users to sig...

Vulnerabilities Found in Preinstalled apps on Android Smartphones

3rd party app installed on a device could misuse vulnerabilities to:
βœ…perform factory reset of device
βœ…exfiltrate PIN code
βœ…inject an arbitrary intent with system-level privileges
www.mobile-hacker.com/2025/06/02/s...

02.06.2025 09:37 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
HackRF PortaPack H4M with Mayhem Firmware – A Powerful Handheld SDR Toolkit In the Q4 of 2024, a new SDR (Software Defined Radio) was released: the HackRF PortaPack H4M, shipping with the Mayhem firmware. Whether you’re a hobbyist, hacker, ham radio enthusiast, or security re...

I was playing around with new and smaller HackRF PortaPack H4M.
In a summary blog, you can find what's new with H4M, how to flash it, copy necessary data, and a couple of use-cases.
www.mobile-hacker.com/2025/05/19/h...

19.05.2025 13:09 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Feberis Pro: The Ultimate 4-in-1 Expansion Board for Flipper Zero In a previous blog post, I introduced Feberis, a versatile expansion board that enhanced the capabilities of the Flipper Zero by offering additional communication protocols. Now, I am excited to dive ...

Feberis Pro: I have tested a new 4-in-1 Expansion Board for Flipper Zero
www.mobile-hacker.com/2025/03/31/f...

31.03.2025 11:36 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
EvilLoader: Unpatched Telegram for Android Vulnerability Disclosed A newly disclosed in Telegram for Android, dubbed EvilLoader, allows attackers to disguise malicious APKs as video files, potentially leading to unauthorized malware installations on users' devices.

EvilLoader: Yesterday was published PoC for unpatched vulnerability affecting Telegram for Android.
The exploit has been sold on underground forum since January 2025.
βœ…Don't install external players if requested by received corrupted video file on Telegram.
www.mobile-hacker.com/2025/03/05/e...

05.03.2025 08:41 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Building a Portable Kali Box with Raspberry Pi and Touchscreen In this guide, I will walk you through the process of setting up a Raspberry Pi with a 3.5-inch touchscreen running Kali Linux. This compact yet powerful setup is perfect for on-the-go penetration tes...

How to build portable Kali box with Raspberry Pi and Touchscreen

βœ…installation process
βœ…install drivers and switch output to touchscreen
βœ…allow auto-login
βœ…enable SSH as root
βœ…setup virtual keyboard
www.mobile-hacker.com/2025/02/26/b...

26.02.2025 10:50 β€” πŸ‘ 3    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Preview
Bettercap on Android: A Portable Network Security Toolkit This setup is not only lightweight and portable but also ensures that a pentester can operate in plain sight, appearing as just another person on their phone. In this guide, we'll show you how to inst...

60-pages guide on how to use Bettercap on Android
www.mobile-hacker.com/2025/02/21/b...

21.02.2025 09:43 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Evil Crow RF: A Portable Radio Frequency Device This tool expands your smartphone’s capabilities, allowing you to dive into RF analysis, penetration testing, and signal manipulationβ€”bringing mobile hacking to a whole new level.

Evil Crow RF: A Portable Radio Frequency Device compatible with Flipper Zero Sub-GHz file format
www.mobile-hacker.com/2025/02/11/e...

11.02.2025 07:39 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

It is lilygo t-dongle

24.01.2025 15:06 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
USB Army Knife: The Ultimate Close Access Penetest Tool Whether you want to transform into a USB Ethernet adapter and capture network traffic, create custom user interface for your attacks, or use covert storage devices, the USB Army Knife has you covered.

USB Army Knife: Close Access Pentest Tool

It is capable of remote keystroke injection, VNC, USB network adapter, EvilAP, Marauder, record microphone, controlled over web interface with fancy LCD screen
www.mobile-hacker.com/2025/01/24/u...

24.01.2025 09:24 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 2    πŸ“Œ 0
Video thumbnail

Boost Flipper Zero with FEBERIS: 3-in-1 SubGhz, NRF24, and WiFi board
www.mobile-hacker.com/2025/01/09/b...

09.01.2025 08:43 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Video thumbnail

Explore #Marauder firmware on Cheap Yellow Display with all of its features πŸ‘‡
www.mobile-hacker.com/2024/12/23/e...

03.01.2025 11:51 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Video thumbnail

Install and run any firmware (Marauder, Bruce, Ghost ESP...) on ESP32 devices without using computer with M5Stick Launcher
www.mobile-hacker.com/2024/12/29/r...

29.12.2024 14:06 β€” πŸ‘ 9    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Preview
Exploring Marauder, Bruce, and Ghost ESP on Cheap Yellow Device In this blog, I will focus on the most popular offensive security projects such as Marauder, Bruce and Ghost ESP to get most of this device and compare them in the end.

Exploring Marauder, Bruce, and Ghost ESP on Cheap Yellow Device
www.mobile-hacker.com/2024/12/23/e...

24.12.2024 08:33 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
Detect ARP spoofing attack using Android app ARP spoofing attacks are often used in combination with other types of attacks, such as DNS spoofing, SSL stripping, and more. These attacks can be used to steal sensitive information, launch phishing...

How to detect ARP spoofing attacks using Android app
www.mobile-hacker.com/2024/12/16/d...

16.12.2024 07:35 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 1
Preview
Bluetooth and Wi-Fi Jamming using Flipper Zero Jamming is a technique used to disrupt wireless communications by overwhelming the signal with interference. This blog post explores the concept of jamming using Flipper Zero, how it works, its applic...

Bluetooth and Wi-Fi Jamming using Flipper Zero
www.mobile-hacker.com/2024/12/12/b...

12.12.2024 14:27 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN Mobile Hacker ThreatFabric has identified a new cash-out tactic that wasn’t seen before called β€œGhost Tap”, which cybercriminals use to exploit stolen credit card details linked to mobile payment services like Goog...

How cybercriminals use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN
www.mobile-hacker.com/2024/12/02/c...

02.12.2024 15:17 β€” πŸ‘ 1    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Preview
Smartphone scareware: cracked screen as a result of virus This new technique mimics a cracked screen that is a result of a fake virus infection as visible in the video below

Mobile #scareware now mimics cracked smartphone screen as a result of a fake virus infection
www.mobile-hacker.com/2024/11/27/s...

27.11.2024 09:21 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

@mobilehacker is following 1 prominent accounts