Intercepting traffic on Android with Mainline and Conscrypt

TL;DR: The AlwaysTrustUserCerts module now supports Android 7 until Android 16 Beta. If you want to learn more about Mainline, Conscrypt and how everything works together, keep reading! Intro To properly test the backend of any mobile application, we need to intercept (and modify) the API traffic. We could use Swagger or Postman files if … Continue reading Intercepting traffic on Android with Mainline and Conscrypt →

Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning)

Some time ago I wrote some articles on how to Man-In-The-Middle Flutter on iOS, Android (ARM) and Android (ARM64). Those posts were quite popular and I often went back to copy those scripts myself. Last week, however, we received a Flutter application where the script wouldn't work anymore. As we had the source code, it … Continue reading Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning) →

How malicious applications abuse Android permissions

Introduction Many Android applications on the Google Play Store request a plethora of permissions to the user. In most cases, those permissions are actually required by the application to work properly, even if it is not always clear why, while other times they are plainly unnecessary for the application or are used for malicious purposes. … Continue reading How malicious applications abuse Android permissions →

New mobile malware family now also targets Belgian financial apps

While banking trojans have been around for a very long time now, we have never seen a mobile malware family attack the applications of Belgian financial institutions. Until today... Earlier this week, the Italy-based Cleafy published an article about a new android malware family which they dubbed TeaBot. The sample we will take a look … Continue reading New mobile malware family now also targets Belgian financial apps →

How to analyze mobile malware: a Cabassous/FluBot Case study

This blogpost explains all the steps I took while analyzing the Cabassous/FluBot malware. I wrote this while analyzing the sample and I've written down both successful and failed attempts at moving forward, as well as my thoughts/options along the way. As a result, this blogpost is not a writeup of the Cabassous/FluBot malware, but rather … Continue reading How to analyze mobile malware: a Cabassous/FluBot Case study →

A closer look at the security of React Native biometric libraries

Many applications require the user to authenticate inside the application before they can access any content. Depending on the sensitivity of the information contained within, applications usually have two approaches: The user authenticates once, then stays authenticated until they manually log out; The user does not stay logged in for too long and has to … Continue reading A closer look at the security of React Native biometric libraries →