@cryptax
Testing Restricted Settings of Android 13 on an emulator
Android 13 introduced a new security measure called “Restricted Settings”. The measure is meant to limit access to notification settings…
3 min read · Apr 4, 2024
@cryptax
Phishing attempt on French e-tolls
Yesterday, I received a well-crafted phishing attempt email targeting users of a French e-toll company. While this email contains no mobile…
2 min read · Mar 21, 2024
@cryptax
What makes a good CTF challenge?
A Capture The Flag (CTF) challenge is a specific task or problem designed to test participants’ skills in various areas of cyber-security…
3 min read · Mar 18, 2024
@cryptax
Android/SpyNote bypasses Restricted Settings + breaks many RE tools
Today, I reversed an Android spyware with multiple tricks. The malware has been discovered by @malwrhunterteam 2 days ago.
5 min read · Feb 19, 2024
@cryptax
A simple infostealer for beginners
Most Android malware is packed and obfuscated nowadays. From time to time, it’s nice to reverse a simple one 😆. This one was found at the…
3 min read · Feb 9, 2024
@cryptax
Android/Phoenix authors, claims, sample identification and trends
The Android/Phoenix botnet (see reverse engineering post here) was advertised underground in May 2023, and on GitHub and Telegram. The…
3 min read · Feb 8, 2024
@cryptax
Reverse engineering of Android/Phoenix
Android/Phoenix is a malicious Remote Access Tool. Its main goal is to extensively spy on the victim’s phone (grab all screenshots, steal…
6 min read · Feb 6, 2024
@cryptax
Organizing malware analysis with Colander: example on Android/WyrmSpy
When I analyze a malware, I keep side by side an ugly text file where I write down my reversing notes. Unfortunately, my notes are usually…
6 min read · Dec 18, 2023
@cryptax
Bad Zip and new Packer for Android/BianLian
I got my hands on a new sample of Android/BianLian (sha256: 0070bc10699a982a26f6da48452b8f5e648e1e356a7c1667f393c5c3a1150865), a banking…
6 min read · Dec 14, 2023