README.md

Android

Clipboard Data

• First clipper malware discovered on Google Play
• SHEIN app clipboard unintended exposure

Application Tampering/Patching

• Agent Smith

Device Rooting

• WyrmSpy and DragonEgg
• Camero - CVE-2019-2215
• AbstractEmu

Hooking

• Predator - hooking using YAHFA framework

MITM

• Predator in The Wires
• Predator
• Facebook Onavo Project

Webviews

• Vulnerability in TikTok

Screen Recording

• Malware performing screen recording

Others

• Race conditions on Android Custom Permissions (2014)
• Reverse shell without visible permissions
• Root takeover via signature spoofing in tiann/kernelsu

---

iOS

• Pushing malware via TestFlight and Web Clips
• Tricking App Store Review Into Approving Malicious Apps

Jailbreaking

• LightSpy - Using SafariRCE and performing Jailbreaking

App Cloning

• https://arstechnica.com/security/2024/02/a-password-manager-lastpass-calls-fraudulent-booted-from-app-store/

Others

• Stealing biometric Data - Trojan, which pretends to be a govt or banking app, steals biometric data. Then uses AI to augment the data and use it as biometric data on real websites
• Access sandbox/RootFS data without Jailbreak

---

In News

• Australian digital driving licenses can be defaced in minutes
• Singapore's banks to ditch texted one-time passwords