Results for android

Threat Research

Cookie Maker: Inside the Google Docs Malicious Network

FortiGuard Labs recently discovered a running Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain was dependent on our IP and the user-agent that was used. This malicious network targets all major platforms: Windows, Android, and macOS.

By Artem Semenchenko, November 21, 2018

Threat Research

How-to Guide: Defeating an Android Packer with FRIDA

FortiGuard Labs has encountered a lot of packed Android malware recently. One interesting aspect of this malware is that even though the packer being used is consistently the same, the malware that it drops changes quite frequently. In this blog post we will demonstrate how to unpack the malware deployed by today’s most common dropper using only free, open-source tools.

By Dario Durando, November 02, 2018

Threat Research

Fortinet Discovers New Android Apps that Mine the Unminable

Cryptocurrencies don't all work the same way. Some are minable, some aren't. For example, Ripple (XRP), Cardano (ADA) and Tether (USDT) aren't minable.

By Axelle Apvrille, October 11, 2018

Threat Research

An Android Package is no Longer a ZIP

Over the past few years, I have been giving workshops on Android reverse engineering - my next one will be an advanced session at Virus Bulletin in October. As with most other researchers on Android, I typically start off with a slide explaining that an Android Package (APK) is just a ZIP. Since Android 7.0, however, this is no longer true.

By Axelle Apvrille, August 23, 2018

Threat Research

Android/BondPath: a Mature Spyware

We have recently stumbled on several active samples of an Android spyware. They belong to a family we have named BondPath (also known as PathCall or Dingwe), which was first reported in May 2016. While our customers have been protected against that malware since 2016, in July 2018 we discovered that some samples are still in the wild and continue to be a threat to unprotected smartphones.

By Axelle Apvrille, August 23, 2018

Threat Research

Android Spyware Now Dropping Legit Apps?

Building on some previous research in the industry, FortiGuard Labs recently took a closer look at some Android malware impersonating the mobile version of the very popular game Fortnite.

By Dario Durando, June 03, 2018

Threat Research

The Strange Case of Play Policy for Copyright and Security

Recently, the FortiGuard Labs team noticed that one of the most successful applications on the market, “WhatsApp Messenger” developed by “WhatsApp Inc.”, has been the target of a lot of attention by scammers and criminals alike.

By Dario Durando, November 08, 2017

Threat Research

A Look Into The New Strain Of BankBot

BankBot is a family of Trojan malware targeting Android devices that surfaced in the second half of 2016. The main goal of this malware is to steal banking credentials from the victim’s device. It usually impersonates Flash Player updaters, Android system tools, or other legitimate applications. Once installed, it hides itself and then tricks the user into typing his or her credentials into fake bank web pages that have been injected onto the device’s screen.

By Dario Durando, September 19, 2017

Threat Research

A Wrap Up of ToorCon 19 at San Diego

ToorCon 19 San Diego was held Monday August 28th to Sunday September 3rd, 2017 at The Westin San Diego. It included three parts. The first was training workshops focused on various aspects of computer security. These took place on Aug 28-31. The second was a Seminar held on Sep 1. The third part was the formal Conference that ran from Sep 1-3. I was honored to be able to present my research, Dig Deep into FlexiSpy for Android at ToorCon 19. FlexiSpy for Android is a spy app with full IM tracking, VoIP call recording, and live call interception....

By Kai Lu, September 18, 2017

Threat Research

BlueBorne May Affect Billions of Bluetooth Devices

Bluetooth is one of the most widely deployed and used connectivity protocols in the world. Everything from electronic devices to smartphones uses it, as do a growing number of IoT devices. Now, a new Bluetooth exploit, known as BlueBorne, exploits Bluetooth, making literally billions of devices potentially vulnerable to attack. BlueBorne is a hybrid Trojan-Worm malware that spreads through the Bluetooth protocol. Because it includes worm-like properties, any infected system is also a potential carrier, and will actively search for vulnerable hosts....

By Aamir Lakhani, September 14, 2017