Hola buenas tardes llevo tiempo buscando informacion acerca de  malware para dispositivos android,ios pero me he dado cuenta que no existe mucha informacion y pues no se si estos sistemas operativos son mas seguros o porque no se vulneran tanto. Gracias y saludos espero que tengan un buen finde semana

Hay muchos troyanos para Android.
Te recomiendo buscar sobre malware en javascript porque es multiplataforma. Tienes malware que puede correr en muchísimas máquinas, o malware más especifico para cada plataforma. Puedes utilizarlo desde infectar a un sitio web y todos sus usuarios, hasta ransomware para windows, pasando por envenenamiento de cache a través de proxies, clickjacking, injección de formularios a través de fake AP para obtener claves de wi-fi, botnets, spiders, gusanos, miners, exploits...



 https://heimdalsecurity.com/blog/javascript-malware-explained/amp/

 https://nakedsecurity.sophos.com/es/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required

  https://www.hackplayers.com/2016/03/sencillo-backdoor-en-javascript-scripts.html

 https://www.pentestpartners.com/security-blog/lan-surfing-how-to-use-javascript-to-execute-arbitrary-code-on-routers/

 https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/Intruders/BRUTELOGIC-XSS-STRINGS.txt

 https://www.theregister.co.uk/2017/05/30/android_app_judy_malware/

 https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/javascript-malware-in-spam-spreads-ransomware-miners-spyware-worm

 https://github.com/HynekPetrak/javascript-malware-collection

 https://unaaldia.hispasec.com/2019/09/descubierto-malware-de-suscripcion-a-servicios-premium-en-google-play.html

 https://www.zdnet.com/article/android-security-this-malware-will-mine-cryptocurrency-until-your-smartphone-fails/

 https://heimdalsecurity.com/blog/android-malware/

 https://unit42.paloaltonetworks.com/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/

 https://www.pcmag.com/news/369472/agent-smith-android-malware-infected-25m-devices

 https://www.enisa.europa.eu/publications/info-notes/malware-in-browser-extensions

 https://threatpost.com/razy-browser-extensions-theft/141181/

 https://kjaer.io/extension-malware/

 https://atr-blog.gigamon.com/2018/01/18/malicious-chrome-extensions-enable-criminals-to-impact-half-a-million-users-and-global-businesses/

 https://github.com/chentetran/xss-keylogger

 http://websecurity247.blogspot.com/2016/07/keylogging-with-cross-site-scripting.html

 https://blog.securelayer7.net/exploiting-browsers-using-pastejacking-and-xssjacking-vulnerability/

 https://react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript

 https://deadliestwebattacks.com/tag/javascript/

 https://blog.appsecco.com/nodejs-and-a-simple-rce-exploit-d79001837cc6?gi=897cd748c185

 https://www.owasp.org/index.php/AJAX_Security_Cheat_Sheet

 http://misclassblog.com/interactive-web-development/ajax-delivering-malware/

 https://www.redeszone.net/2016/04/12/malware-escrito-javascript-modifica-la-configuracion-los-routers/

 https://www.csoonline.com/article/3290420/html5-a-devil-in-disguise.html

 https://www.hanselman.com/blog/IfMalwareAuthorsEverLearnHowToSpellWereAllScrewedTheComingHTML5MalwareApocalypse.aspx