Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning)

Some time ago I wrote some articles on how to Man-In-The-Middle Flutter on iOS, Android (ARM) and Android (ARM64). Those posts were quite popular and I often went back to copy those scripts myself. Last week, however, we received a Flutter application where the script wouldn't work anymore. As we had the source code, it … Continue reading Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning)

How malicious applications abuse Android permissions

Introduction Many Android applications on the Google Play Store request a plethora of permissions to the user. In most cases, those permissions are actually required by the application to work properly, even if it is not always clear why, while other times they are plainly unnecessary for the application or are used for malicious purposes. … Continue reading How malicious applications abuse Android permissions

New mobile malware family now also targets Belgian financial apps

While banking trojans have been around for a very long time now, we have never seen a mobile malware family attack the applications of Belgian financial institutions. Until today... Earlier this week, the Italy-based Cleafy published an article about a new android malware family which they dubbed TeaBot. The sample we will take a look … Continue reading New mobile malware family now also targets Belgian financial apps

How to analyze mobile malware: a Cabassous/FluBot Case study

This blogpost explains all the steps I took while analyzing the Cabassous/FluBot malware. I wrote this while analyzing the sample and I've written down both successful and failed attempts at moving forward, as well as my thoughts/options along the way. As a result, this blogpost is not a writeup of the Cabassous/FluBot malware, but rather … Continue reading How to analyze mobile malware: a Cabassous/FluBot Case study

A closer look at the security of React Native biometric libraries

Many applications require the user to authenticate inside the application before they can access any content. Depending on the sensitivity of the information contained within, applications usually have two approaches: The user authenticates once, then stays authenticated until they manually log out;The user does not stay logged in for too long and has to re-authenticate … Continue reading A closer look at the security of React Native biometric libraries

Proxying Android app traffic – Common issues / checklist (2023)

Latest update: February 2023 During a mobile assessment, there will typically be two sub-assessments: The mobile frontend, and the backend API. In order to examine the security of the API, you will either need extensive documentation such as Swagger or Postman files, or you can let the mobile application generate all the traffic for you … Continue reading Proxying Android app traffic – Common issues / checklist (2023)