
The main motivation behind this article was a recent (9/2021) Twitter post from @elhackernet about SARA, aka Simple Android Ransomware Attack, software. As I am kinda obsessed with malware applications, I downloaded the sample and started digging around.

Here is what I found…

Once upon a time in AndroidLand

There was a time when life was much easier for Android malware developers. Back in the days of Android 5 or earlier (SDK 22), you didn’t have to ask the user’s permission to access their personal info; you just had to declare the appropriate manifest permissions and they were magically approved. I know… it sounds…

Many people who are starting to work with the Android OS have difficulty understanding the application sandbox concept. This usually leads to misconceptions with respect to data and resource sharing between apps, which in turn leads to unsubstantial findings and false security alarms.

The main objective behind this article is to demystify concepts regarding one of the most important security features of Android as well as to give answers to questions like:

  • Why is a cleartext username/password that you found in the shared_prefs folder not a critical finding? :)
  • Is it possible for an application…

Don’t get me wrong, but I couldn’t find a more appropriate title to describe the specific vulnerability.

I don’t know what happens when it comes to your sexual life, but I can assure you that in software development even the smallest neglect matters. Ah… At this point let me assure you that no age-restricted content of any kind is discussed in this article, so no need to keep your children away from the screen.


While many UI based attacks have already been analysed and published in the past, the main motive behind creating this article is to present an…

Cracking OWASP’s Android Uncrackable Level 2

While spending some time developing some modules for MEDUSA, I decided to give it a try and see how I could use this tool to crack some of OWASP’s popular Android Crackmes. I will try to keep this post as short as possible, so let’s get right to the point…

Download and Install

Assuming that the reader has already installed MEDUSA, let’s download the crackme and install it using the script:

That wasn’t hard I guess, but when we try to run the application we got our first wall:


In PART 1 of this tutorial we went through some basic theoretical concepts such as Free Floating Windows (FFW), the SYSTEM_ALERT_WINDOW permission (SAW) and Android’s Window Manager. Finally we created an application that implements an FFW and added a view to it. In PART 2 we rendered our FFW “independent” from the parent activity and focused on its look, size and position on the screen.

In this final part of the tutorial, we are going to cover more advanced topics with regard to the FFW appearance and see how an application may use these techniques to literally ‘imitate’…


Despite the fact that communication has become much easier these days, privacy and trust have been ignored for years by several industry powerhouses. During the last few years, revelations about mass surveillance have made consumers more privacy aware, thus the necessity of developing a security protocol that provides end-to-end encryption for instant messaging is now most imperative.

The Signal Protocol, described as an “end-to-end ratcheting forward secrecy protocol that works in synchronous and asynchronous messaging environments” [1], has recently been adopted by most of the messaging applications, including WhatsApp, Facebook Messenger etc.

The specific document focuses on the…



In PART 1 of this tutorial we went through some basic theoretical concepts such as Free Floating Windows (FFW), the SYSTEM_ALERT_WINDOW permission (SAW) and Android’s Window Manager. Finally we created an application that implements an FFW and added a Button to it. In this part we are going to go a little bit further and play with the “look and feel” of our “construction”, starting to understand how this feature can be abused in a malicious way.

Parental (Un)Control

Before we start, let’s first add a single line of code that will help us get…




Overlays are not something new in IT Security. Actually, “Cloak & Dagger”, which is based on these techniques, is still considered one of the most popular attacks that affected the Android Operating System [1]. But this is just the tip of the iceberg, since overlays are used by various types of malware including banking trojans, spyware, privilege escalation, ad-frauds or even ransomware [2,3,4,5]. While experience so far has shown the opposite, the ability of an application to draw on top of others is still not considered dangerous. After all, vulnerabilities “playing” with the user interface were always considered…

The Need For Speed

Maybe the rest of the audience needs some context regarding the paragraph title, but I am pretty sure that most malware analysts know exactly what I am talking about. So… yes, speed is a critical factor when it comes to malware analysis, especially when you have piled up a big number of apps in your queue and you have to identify potential malware activity for each one of them.

This need was my motivation when I started MEDUSA, which was created taking into consideration the day-to-day tasks of a malware analyst. In this write-up, grabbing the chance that was…


Security Researcher, former Camel Rider, developer of
