Lukas Stefanko
Malware Researcher at @ESET Android security, malware analysis, app vulnerability research https://t.co/te7DnuvQYm
Jan 13, 2022 4 tweets 3 min read
It's a trojanized "Sathi Chat" app patched with an open-source derivative of the L3MON Android RAT.

It impersonates the working "Crazy Talk" messaging app, and spies on its users.
Based on the server leak, it has over 110 victims, mostly from Pakistan (based on the country code of the phone numbers).


This custom L3MON version appears to be new (~end of 2021). However, it is still capable of stealing contacts, SMS, call logs, files with various extensions from various directories on the smartphone, sent and received WhatsApp and Signal messages, recording audio, etc.
Mar 22, 2020 9 tweets 5 min read
Android Coronavirus SMS Worm is probably connected to a developer from India 🇮🇳 #OSINT (1/8)

.@Spam404Online found another domain (codebeta[.]in) hosting the same Android SMS Worm (Get Corona Safety Mask) app. (2/8)

Source:
Sample: virustotal.com/gui/file/8a87c…
Jul 4, 2019 18 tweets 6 min read
Security without pentests
Security without pentests II.
Aug 31, 2018 5 tweets 5 min read
Android Legitimate Spyware with 10M+ installs.

App #Onavo, owned by Facebook, is a VPN service that collects your:
- mobile traffic
- location
- installed/opened apps
- visited websites

This app should hide your traffic & increase privacy; instead, it collects it. Visited websites, launched & installed apps, and other data are stored in plaintext in a database. Not accessible without root.