Lukas Stefanko
@LukasStefanko
Malware Researcher at Android security, malware analysis, app vulnerability research t.me/androidMalware youtube.com/c/LukasStefank
Slovak Republic · welivesecurity.com/author/lstefan… · Joined December 2014

Lukas Stefanko’s Tweets

Hacking into Android in 32 seconds
Samsung S7 is connected to Pixel as HID device (keyboard) that tries to brute force lock screen PIN and then download, install and launch Metasploit payload
Covid Android Ransomware
If you installed malicious Coronavirus Tracker app that locked your smartphone and requested ransom, use "4865083501" code to unlock it. Key is hardcoded.
Quote Tweet
#ESETresearch ALERT: #COVID19 #Android #Ransomware: If you installed malicious Coronavirus Tracker app that locked your smartphone and requested ransom, use "4865083501" code to unlock it. Key is hardcoded. @LukasStefanko Details: domaintools.com/resources/blog
Don't install these apps from Google Play - it's malware. Details:
- 13 apps
- all together 560,000+ installs
- after launch, hide itself icon
- downloads additional APK and makes user install it (unavailable now)
- 2 apps are #Trending
- no legitimate functionality
- reported
How easy it is to make user believe apps are highly downloaded (popular) and probably worth trying. These are not number of app installs, these are developer names.
Uninstall these apps! 15 apps with more than 400k+ installs in total found on Google Play. These apps can download additional payload and display + click on "invisible" ads. Everything is hidden from user's view.
What is this app rating? Developer created tricky app icon to make potential users believe it has over 4 stars. Purpose of the app is to trick user into activating 3 day trial for basic photo editing app. If user forgets to cancel, it costs him €49.99/week.
This is Bob. Bob doesn't care about his mobile privacy. Bob:
- doesn't close private tabs
- doesn't close browser
- doesn't lock his device
- face it up front in pocket
- goes into public transport
- takes a nap
Don't be like a Bob. Be smart.
Android Legitimate Spyware with 10M+ installs. App #Onavo owned by Facebook, is VPN service that collects your:
- mobile traffic
- location
- installed/opened apps
- visited websites
This app should hide your traffic & increase privacy, instead it collects it.
Remove is not Uninstall
Found 3 apps on Google Play with over 700,000 installs that use interesting persistence technique. When user realizes app is not as described, he can only remove the app icon not uninstall the app itself. How it works I explained it in the video:
Barcode Scanner app with 5,000,000+ installs became adware. Should we be now afraid of even popular apps? Developer sold the app or took advantage?
- in 8 months app reached 5M+ installs
- after last update became adware
- uses own lockscreen
- display ads
- removed from Google Play
Android malware can send WhatsApp messages from infected device to spread itself + uses TOR. What happened in video:
- request to activate accessibility service
- activates device admin
- set itself as default SMS app
- downloads payload
- downloads TOR
Found month ago by
I tested over 15 fake GPS Navigation apps with over 50,000,000 installs from #GooglePlay that violate Google rules. These apps just open Google Maps or use their API without any additional value for user, except for displaying ads. Some of them don't even have proper app icon.
Would you use AntiVirus that detects itself as risky app? This Fake Antivirus 2019 uses only blacklist & whitelist for package names of apps + permissions check. Still forget to whitelist itself.
Today I found 22 apps containing adware still available on Google Play with altogether 3,2M+ installs. These apps hide after launch and display fullscreen ads every time user unlocks device. Steps how to identify & remove such adware in video (1:36)
Android SMS Worm spreads in #India 🇮🇳
- spreads via SMS and WhatsApp as "Free 25GB Offer" app
- only for Jio customers
Goal: spread & ads monetization
App in background sends SMS to contacts if they have Jio number prefix.
Demo: Download + Install + Open
Found by
This is how Android malware steals recovery phrase from Trust Crypto Wallet without user interaction and restricts access to victim's smartphone by blocking all the actions such as removing it and seeing any unauthorized withdrawals. Full demo: youtu.be/cI9GbhspMYY
Quote Tweet
Some kind of crypto wallet stealer which sends your keys via Telegram. Also includes a C2 URL. Low detected: virustotal.com/gui/file/6f899 cc @malwrhunterteam
Replying to
How to prevent this happening
- charge your smartphone using your own adapter if possible
- don't use trivial PIN or password lock screen protection
- use mobile security software that will detect Metasploit payload
Android WhatsApp Worm? Malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to malicious Huawei Mobile app. Message is sent only once per hour to the same contact. It looks to be adware or subscription scam.
Quote Tweet
#Android #Banking #Trojan #Malware @malwrhunterteam @Spam404 @bl4ckh0l3z @JAMESWT_MHT #opendir Huawei Mobile #Phishing Malware: play.google.store.apps.details.settings[.pw/play/download/ "MD5: 121AB9F7C0F439274478099D9E550473" C2: https://settings[.pw/
How to uninstall "invisible icon" app? App with 500K+ installs found on Google Play using "invisible icon" trick to stay hidden from user's view. This app is not malicious, but this simple trick can be easily misused in the future. #DiscloseApp
Almost every Android phone - except for Pixel - is still vulnerable to this RCE bug. That's because Manufacturers don't push security updates right away. BTW, Samsung devices are the most popular unpatched phones on the planet.
Scareware Youtube ads "Your Phone has Virus ⚠️" techniques are misused to promote lousy Android antivirus app. BTW, this app has 100K+ installs and has been available on Google Play only since Jul 5, 2019 without any reference or web site P.S. So, my phone has 13 or 23 viruses?
SMS worm impersonates Covid-19 vaccine free registration
Android SMS worm tries to spread via text messages as fake free registration for Covid-19 vaccine - targets India 🇮🇳
It can spread itself via SMS to victim contacts with link to download this malware.
Quote Tweet
"Covid-19.apk" seen from India: 5522a7cc358b4193eac53e620d3baa47f385a04bf3d15d1850076cce9456d5f4
Don't be quiet, no matter who is listening. Recently discovered Android banking Trojan on Google Play by had malicious package name containing my name and hi_there message for me. If you are reading this, next time I want my profile_pic signed by you in there. :)