
The main motivation behind this article was a recent (9/2021) Twitter post from @elhackernet about SARA, aka Simple Android Ransomware Attack software. As I am kinda obsessed with malware applications, I downloaded the sample and started digging around.

Here is what I found…

Once upon a time in AndroidLand

There was a time when life…


Many people who are starting to work with the Android OS have difficulty understanding the application sandbox concept. This usually leads to misconceptions with respect to data and resource sharing between apps, which in turn leads to unsubstantial findings and false security alarms.

The main objective…


Don’t get me wrong, but I couldn’t find a more appropriate title to describe the specific vulnerability.

I don’t know what happens when it comes to your sexual life, but I can assure you that in software development even the smallest neglect matters. …


Cracking OWASP’s Android Uncrackable Level 2

While spending some time developing some modules for MEDUSA, I decided to give it a try and see how I could use this tool to crack some of the popular OWASP Android Crackmes. …


Recap

In PART 1 of this tutorial we went through some basic theoretical concepts such as Free Floating Windows (FFW), the SYSTEM_ALERT_WINDOW permission (SAW) and Android’s Window Manager. Finally, we created an application that implements an FFW and added a view to it. …


Introduction

Despite the fact that communication has become much easier these days, privacy and trust have been ignored for years by several industry powerhouses. …


Continue to Part 3

Recap

In PART 1 of this tutorial we went through some basic theoretical concepts such as Free Floating Windows (FFW), the SYSTEM_ALERT_WINDOW permission (SAW) and Android’s Window Manager. Finally, we created an application that implements an FFW and added a Button to it. …


PART 1

Or Continue to Part 2

Introduction

Overlays are not something new in IT Security. Actually, “Cloak & Dagger”, which is based on these techniques, is still considered one of the most popular attacks that affected the Android Operating System [1]. But this is just the tip of the iceberg, since overlays are used by…


The Need For Speed

Maybe the rest of the audience needs some context regarding the paragraph title, but I am pretty sure that most malware analysts know exactly what I am talking about. …

+Ch0pin

Security Researcher, former Camel Rider, developer of https://github.com/Ch0pin/medusa
