Telegram Phishing Campaign Analysis
- Nov 24, 2023
- Jun 7, 2023
This is a two-part series. Stay tuned for Part 2.
Over the years, I have been involved in developing agent applications for iOS and Android that run on the user’s device to do many things, from mobile device management to threat defense agent apps. These applications are complicated. They are resource intensive, hard to maintain and harder to distribute. Some enterprise customers are willing to look past these “inconveniences” as endpoint security is vital for their day-to-day operations. Consumers, on the other hand, have different expectations, primarily ease of use and privacy. Most tech-savvy individuals (normies included) don’t like to install an app that “scans” their device. Trust is expensive, and I have paid the price in many ways trying to explain away the problem and trying to convince users of the benefit. It doesn’t always work.
- Aug 17, 2022
Detecting mobile compromise is not easy. Mobile OSs place heavy restrictions on what an app or analysis tool is allowed to do. Even though the intention is good, it limits the options blue team engineers have to evaluate and protect the device. Over the years, sophisticated tools like MagikHide, LibertyOS, HideJB, etc. have found ways of masking root and jailbreak status, making detection even harder.
- May 30, 2022
In this post, I will give an introduction to Pwned Report, a side project I have been working on that scans your device for vulnerabilities or suspected compromise. More than ever, people are aware that attackers can take over their devices using sophisticated methods. But for most it is mere suspicion. Phrases like “my phone is going haywire”, “some app is eating my data”, “my battery is not lasting long”, etc. describe potential signs of compromise, either by malware or by an unauthorized party.
- Jul 10, 2021
Banking trojans are a class of trojans that target financial apps to steal users’ credentials and commit some kind of banking fraud. Different trojans employ different techniques to trick users into handing over their credentials.
- Apr 25, 2021
Hunting malware has largely been the domain of specific vendors. Symantec, Lookout and the like develop engines capable of detecting malware samples. They do this either by looking up the hash of the file in their database or by detonating it in a secure VM and observing its behaviour.
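The hash lookup described above is the simplest of the two engines, and it is worth seeing why it is brittle. The following is an added example, not code from the post or from any vendor: the “vendor database”, the sample files and the family label are all constructed inline. It looks up a sample by SHA-256, shows that a single changed byte defeats the exact match, and adds a toy piecewise hash (fixed-size block digests compared by Jaccard similarity) to show the kind of fuzzy matching engines fall back on when the exact hash misses.

```python
"""Added example (not the author's code): exact-hash malware lookup and a
toy piecewise hash. Every sample and the 'database' are constructed here."""
import hashlib
from typing import Optional

# Constructed stand-ins for app packages on disk. REPACKED is the same
# payload with its last byte changed, as a repackaged sample might be.
KNOWN_BAD = b"PK\x03\x04constructed-malicious-sample-v1"
REPACKED = KNOWN_BAD[:-1] + b"2"
BENIGN = b"PK\x03\x04constructed-benign-sample"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "vendor database": digest -> family label (hypothetical name).
HASH_DB = {sha256_hex(KNOWN_BAD): "Trojan.Banker.Constructed"}


def lookup(data: bytes) -> Optional[str]:
    """Exact-match lookup: returns the family label, or None on a miss."""
    return HASH_DB.get(sha256_hex(data))


def block_digests(data: bytes, block: int = 4) -> set:
    """Digest each fixed-size block of the file (toy piecewise hash).

    Fixed offsets make this sensitive to insertions that shift content;
    production fuzzy hashes such as ssdeep pick block boundaries from a
    rolling hash of the content instead.
    """
    return {sha256_hex(data[i:i + block]) for i in range(0, len(data), block)}


def block_similarity(a: bytes, b: bytes, block: int = 4) -> float:
    """Jaccard similarity of the two block-digest sets, 0.0 to 1.0."""
    da, db = block_digests(a, block), block_digests(b, block)
    return len(da & db) / len(da | db)


if __name__ == "__main__":
    for name, sample in (("known", KNOWN_BAD), ("repacked", REPACKED), ("benign", BENIGN)):
        print(f"{name:9} exact={str(lookup(sample)):26} "
              f"sim={block_similarity(KNOWN_BAD, sample):.2f}")
```

Run as a script it prints one line per sample: the known sample matches exactly, the repacked one misses the exact lookup yet keeps a high block similarity to it, and the benign file scores low on both. The point for a detection engineer is that exact hashes give zero false positives but miss any trivially modified sample, which is why vendors pair them with similarity hashing and sandbox detonation.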