c0zzy

Android ransomware research

Author: Yue Luo. Translated by c0zzy.

Summary: Ransomware is mostly disguised as a system component or as a special-purpose app (pornography, game cheats, cracked applications, etc.) to trick users into installing it; after

Android Ransomware Research (Chinese original)

Author: Yue Luo

Introduction: Ransomware is mostly disguised as a system component or as a special-purpose app (pornography, game cheats, cracked versions of legitimate apps, etc.) to trick users into installing it. After requesting certain system permissions, it locks the user's device and extorts them. Because of their own design or bugs, and because of API restrictions on newer Android versions, most ransomware cannot unlock the device even after the user pays the ransom. This leads directly to data loss, leakage of personal information and even credit card fraud, causing great losses to users.

Investigation: Through a series of sample studies and victim feedback, we learned that ransomware usually comes in two types: screen-locking and file-encrypting. The forms in which the ransom is demanded include, but are not limited to, Alipay/WeChat transfers, Bitcoin transactions and requests for credit card information.

How it works: Requesting Device Administrator permission. Device admin is a very dangerous permission. It was originally designed as an interface for manufacturers to build anti-theft features. Once a user installs such an app and taps Activate, the app holds device administrator rights and gains one or more of the following capabilities: encrypting storage, disabling the camera, disabling lock-screen features, forcing password expiry, locking the screen, restricting the allowed password types, resetting the password, monitoring correct and incorrect password entries, and wiping data. Once a malicious app has been granted the permissions above,

Security App Review -- Lionmobi (Chinese original)

Because the Android ecosystem is more open to users, you can download and install any application from many sources, not just Google Play. App developers and malware authors, however, enjoy the same convenience. Security has always been an important topic for Android users, especially Chinese users, and for this reason there are many security apps on the market for Android. In this series we will test and analyze several well-known mobile security apps so that non-technical users can see how they really perform. Let us start with a very popular app from the Play Store: Power Clean - Antivirus & Phone Cleaner App from Lionmobi. Google Play lists several security and utility apps from Lionmobi, and we tested and analyzed all of the security-related ones. In this article, however, we focus on Power Clean, because it contains essentially the main functionality of the other apps. For the same feature, the other apps perform similarly, and much of the code is duplicated between them. Power Clean itself has more than 100 million downloads and, judging from the displayed figures, still has more than 2.5 million active users. Apart from the app's popularity, another reason we focus on it is that it has a great many security and utility functions,

Security APP Review - Lionmobi

An anti-virus mobile app can have a fancy UI and claim to offer a lot of protection for your phone. However, non-technical users have no way of knowing whether that is true. Let's review some popular mobile security apps.

Smart Contract Guardian – an online EVM decompiler

Since I started working in the Ethereum ecosystem and auditing Ethereum smart contracts in bytecode form, I have evaluated many well-known projects that claim to decompile EVM (Ethereum Virtual Machine) bytecode. However,

Understand EVM bytecode – Part 4

In previous sections (Understand EVM bytecode – Part 1, Part 2 and Part 3) we talked about how different Solidity data types are implemented in storage. In this section we will

Understand EVM bytecode – Part 3

In previous sections (Understand EVM bytecode – Part 1 and Part 2) we talked about the creation and runtime parts of the EVM bytecode. We have seen that the stack variables are commonly used

Understand EVM bytecode – Part 2

In the first section (Understand EVM bytecode – Part 1) we inspected the contract creation part of the smart contract's EVM bytecode. In this section we will analyze the runtime EVM bytecode.

Understand EVM bytecode – Part 1

If you have started reading this article, I guess you already know what EVM stands for, so I won't spend too much time on the background of Ethereum. If you do need

Bangle Android App Packer: Unpacking & Analysis

Trustlook Labs has identified a malicious app that most likely relies on social engineering to trick users into installing it. The app (MD5: eb9d394c1277372f01e36168a8587016) is packed with the Bangle packer. The main activity

How to Stop Snooping Android Apps

Are you worried Android apps are secretly recording what you say or what you do? A new study from computer science researchers at Northeastern University suggests you may have good reason to be