mobile security
Inside BeatBanker / BTMOB: Static Analysis of TV_V_23.apk, a Multi-Stage Android Banking Malware Platform
A static analysis of TV_V_23.apk, a multi-stage Android banking malware platform attributed with high confidence to the BeatBanker / BTMOB cluster. Distributed as a trojanized fork of the open-source LumoLight flashlight app, the sample chains a native bootstrap, a Firebase-driven orchestrator, a cryptominer-and-keepalive helper, and a full operator RAT with accessibility abuse, screen capture, and runtime-configurable banking-app targeting. Covers the full infection chain, anti-analysis design, attribution, IOCs, and defender recommendations.
Tue 28 April 2026
Android Intent Redirection: Attack Vectors and Mitigations
A deep dive into Android intent redirection vulnerabilities, showing how exported “proxy” compone...
Thu 23 April 2026
DORA Third‑Party Risk for Mobile AppSec: SDK Governance and Audit‑Ready Evidence Packs
A deep dive into DORA-focused third‑party risk for mobile AppSec, showing why embedded SDKs and r...
Tue 14 April 2026
Announcing Ostorlab for Harness: Mobile Security Scanning in CI Pipelines
Ostorlab now integrates with Harness CI to run automated mobile application security scans inside...
Mon 06 April 2026
Announcing Ostorlab for Bitrise: Mobile security scans in your CI
Ostorlab now integrates with Bitrise to run automated mobile application security scans inside CI workflows. Using a Bitrise Secret plus a simple Script step, teams can install the Ostorlab CLI and run ostorlab ci-scan run against the same build artifacts produced by the pipeline (e.g., Android APK, Android AAB, or iOS IPA). The integration helps shift security left by shortening feedback loops and catching vulnerabilities earlier, with options to tailor scans via profiles (fast, full, agentic deep scan) and optional inputs like test credentials, SBOM, and UI prompts.
Mobile Operational Resilience Under DORA: The simplest drill library for BFSI journeys
A mobile-first guide to DORA compliance for BFSI teams. Learn how to define your scope, simplify your release process, and avoid the traps that create unnecessary compliance work.
Latest posts
DORA Compliance for Mobile Releases: The easiest baseline, verdict, and exceptions model
A mobile-first guide to DORA regulation and DORA compliance for BFSI teams. Learn how to define your scope, simplify your release process, and avoid the traps that create unnecessary compliance work.
Tue 10 March 2026
DORA Compliance for Mobile Teams: Understanding scope and what you need to do
A mobile-first guide to DORA regulation and DORA compliance for BFSI teams. Learn how to define your scope, simplify your release process, and avoid the traps that create unnecessary compliance work.
Tue 03 March 2026
[Online Event] Security of 3rd party dependencies in Mobile Applications
Mobile applications assessments, automation of 3rd party dependency review
Fri 12 June 2020