Mobile Security

New Malicious #Downloader in @GooglePlay 🤦‍♀️ play.google.com/store/apps/det… This is NOT a File Manager but a malicious downloader dropping #Banker #ReBot aka #Anatsa or #TeaBot or #Toddler Uninstall ASAP and don't let it install any "updates" FYI @malwrhunterteam @androidmalware2

📊 Israel–Iran Cyber Conflict Update — 1,074 Attacks Recorded Our latest analysis of the ongoing cyber conflict (Feb 28 – Mar 22, 2026) shows a continued surge in activity across multiple regions and sectors. Key Metrics: • Total incidents: 1,074 • Attacks targeting Israel: 430 (~40%) • Threat actor groups observed: 38 • Countries impacted: 23 • DDoS rate: 84.8% (dominant attack method) Top targeted countries: 🇮🇱 Israel (430) 🇰🇼 Kuwait (130) 🇧🇭 Bahrain (70) 🇨🇾 Cyprus (68) 🇷🇴 Romania (51) Most active groups: NoName057(16), 313 Team, Keymous Plus, DieNet, Hider_Nex Most targeted sectors: Government, Financial Services, Defense, Transportation, Energy Key Observations: • Israel remains the primary target • ICS/SCADA activity indicates growing focus on critical infrastructure • Pro-Iranian and pro-Russian hacktivist coalitions are operating across multiple regions simultaneously • Gulf states are increasingly targeted as secondary fronts #CyberWar #CyberThreatIntelligence #Hacktivism #Infosec #CyberSecurity #ThreatIntel #DarkWeb #OSINT #IranIsrael #CyberConflict

🚨 FBI Seizes Handala-Linked Domain in Cyber Operation The domain handala-redwanted[.]to has been seized by the FBI following a court-authorized action by the U.S. District Court for the District of Maryland. According to the seizure notice, the infrastructure was allegedly used to conduct or support malicious cyber activities in coordination with a foreign state actor, including potential network intrusions and infrastructure targeting. The seizure is part of an ongoing effort by U.S. law enforcement to disrupt hostile cyber operations and prevent further exploitation. ⚠️ Authorities warn that individuals assisting or attempting to restore such infrastructure may face criminal prosecution under U.S. law. #CyberCrime #CyberThreatIntelligence #Infosec #CyberSecurity #ThreatIntel #DarkWeb #OSINT #FBI #CyberOperations

Syscall Tracer🔥🔥 Sometimes it’s useful to observe the system calls happening inside a given target process. Especially if the target includes some kind of Frida detection, root detection, or any other kind of Runtime Application Self-Protection (RASP). frida.re/news/2026/03/0…

הבוקר נפרץ אתר האקדמיה ללשון העברית, ופורסמה הודעה שלפיה בקרוב לא יהיה עוד צורך ללמוד עברית. ‍‍ ‍‍‍‍‍‍‍‍ גם הפרצנים שפרצו לאתר מבינים שהשפה העברית היא חלק בלתי נפרד מן התנועה הציונית, והיא נדבך חשוב בתרבות, בהוויה ובזהות הישראלית. ‍‍ ‍‍‍‍‍‍‍‍ ‍ האירוע מטופל בשיתוף מערך הסייבר הלאומי, ואנו פועלים להשבת האתר לפעילות תקינה בהקדם. ‍‍ ‍‍‍‍‍‍‍‍ ‍ ולחברים שפרצו לנו הלילה לאתר – מסר חשוב מאיתנו: ‍‍ ‍‍‍‍‍‍‍‍ ‍ אנחנו לא לומדים עברית כי אנחנו צריכים אותה, אנחנו לומדים עברית כי אנחנו אוהבים אותה. 😍 عبری یاد گرفتن ما نه به خاطر نیاز ه، بلکه به خاطر عشق به زبان عبریه. 😍 لا نتعلم اللغة العبرية لاننا نحتاج اليها. نتعلم اللغة العبرية لاننا نحبها. 😍 We don't learn Hebrew because we need it, we learn Hebrew because we love it. 😍

A New Android Trojan is Hijacking PIX Payments in Real Time 🏦 Our #zLabs team has identified #PixRevolution, malware that waits for a PIX payment, then replaces transaction details before the transfer completes. Read more: okt.to/0FlcZI (

Israel 🇮🇱 - Shlomo Insurance Company has allegedly been breached by the KillSec ransomware group, which is threatening to leak sensitive documents including vehicle registration licenses and personal details. dailydarkweb.net/shlomo-insuran…

Israel 🇮🇱 - Israel Institute for National Security Studies (INSS) was allegedly breached by Handala Hack Team, claiming access to classified documents, confidential correspondence, and secret recordings. dailydarkweb.net/inss-cyberatta…

A propaganda poster attributed to the “Cyber Jihad Movement” is circulating online, calling for a global cyber campaign against the United States, Israel, and several other governments. The message urges supporters to conduct cyber disruptions targeting government institutions, financial systems, and public agencies worldwide. The poster also references participation in the Iran-U.S. conflict narrative and cooperation with pro-Iranian hacker movements.

🔴Live: Mobile Hacking Conference | Day 2 youtube.com/watch?v=CfioCI…

Android 17 Beta 2 drops today! This update delivers a range of new capabilities, including system-level user experience improvements like the EyeDropper API and a privacy-preserving Contacts Picker. Check out what's new → goo.gle/4qSofiZ

New Magisk release!

Analysis of PromptSpy: The First Android Malware Powered by GenAI welivesecurity.com/en/eset-resear…

🚨 NFCShare: new Android malware abusing NFC A fake banking update APK steals NFC payment card data + PIN via a bogus verification flow, then exfiltrates via WebSocket C2. Read the full analysis + IOCs: d3lab.net/nfcshare-andro… #AndroidMalware #MobileSecurity #ThreatIntel

@a1exeremin @ThreatFabric Thanks!

@Nethanella @ThreatFabric @Nethanella here is an example of a dropper that installs Herodotus payload virustotal.com/gui/file/b072a…

📜 𝐇𝐞𝐫𝐨𝐝𝐨𝐭𝐮𝐬: 𝐓𝐡𝐞 𝐌𝐚𝐥𝐰𝐚𝐫𝐞 𝐓𝐡𝐚𝐭 𝐖𝐚𝐧𝐭𝐬 𝐭𝐨 𝐁𝐞 𝐇𝐮𝐦𝐚𝐧 Unlike traditional banking Trojans, Herodotus doesn’t just steal credentials – 𝐢𝐭 𝐩𝐫𝐞𝐭𝐞𝐧𝐝𝐬 𝐭𝐨 𝐛𝐞 𝐡𝐮𝐦𝐚𝐧. 👉 Read the full blog here: hubs.ly/Q03QmJjP0

New scrape: Instagram allegedly had 17M rows of largely public data scraped from an API and posted to a hacking forum this week. 6.2M rows also included an email address, and some rows a phone number. 100% were already in @haveibeenpwned. Read more: haveibeenpwned.com/Breach/Instagr…

Reverse engineering is regulated, not a gray area. This paper explains when it is legal across regions and how it applies to telecom security. Read: p1sec.com/white-paper/re…

@CSIRT_KNF Can you share IOCs?

🚨 Uwaga! Ostrzegamy przed kampanią wymierzoną w użytkowników urządzeń mobilnych z systemem Android. Oszuści przygotowali fałszywą aplikację mobilną „Klucz bezpieczeństwa Pekao”. 🕵️‍♂️ Malware po uruchomieniu wymaga od użytkownika zainstalowania dodatkowego pakietu przedstawiającego się jako Komponent Play. W rzeczywistości instalacja wiąże się z umieszczeniem na urządzeniu ofiary oprogramowania wnioskującego o przyznanie uprawnień do tzw. ułatwień dostępu. 💡Wstępna analiza wykazała, że fałszywa aplikacja może próbować uzyskać zdalny dostęp do urządzenia ofiary za pośrednictwem VNC. 🔐 Nie dajcie się oszukać i pamiętajcie o instalacji aplikacji tylko z zaufanych źródeł.

Maybe @HDFC_Bank wants to comment on how/why a signature with their name, "HDFC Bank Limited", is used to sign all kind of iOS shits? 🤷‍♂️

Amazing work @LiorKesh @LucidBitLabs 👏