Research #113

Open
wants to merge 21 commits into
base: research

Malpaga commented Feb 7, 2023

No description provided.

Malpaga (Author) commented Feb 7, 2023

While testing a stalkerware detection tool on ASpy, I noticed that the package name used was not listed and thus could not be flagged.

jvoisin (Collaborator) commented Feb 7, 2023

Can you provide the sample?

@jvoisin jvoisin self-assigned this Feb 7, 2023

Malpaga (Author) commented Feb 9, 2023

Would the apk used for installation be sufficient?

jvoisin (Collaborator) commented Feb 9, 2023

Anything/everything you can share :)

Te-k (Collaborator) commented Apr 14, 2023

Hi @Malpaga, I wanted to check in with you if you could share the sample related to the package name com.sec.android.roluqen? I have checked in several databases and couldn't identify any packages with this name, so if you could share the file it would be awesome.
Thanks

Malpaga (Author) commented Apr 17, 2023

Hi, sorry for the delay! After checking a-spy's apk again, I noticed that the package name had been changed once more, this time to com.sec.android.sipibuz. This probably means that the app now uses monthly/weekly builds to escape signature detection. The last word in the package name is probably randomly generated.

Here is the apk showcasing this new package name. I don't have access to the one named com.sec.android.roluqen right now but if I find it I'll make sure to share it here as well.
aspy.zip
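
Added example, not part of the thread or of the project's code: a triage sketch showing why an exact package-name indicator misses a rotated name, with a fallback that queues look-alike names for manual review. The 7-letter alternating consonant/vowel shape is an assumption drawn only from the two names reported above, and `com.sec.android.tavomek` is a constructed sample, not an observed indicator.

```python
import re

# Package names reported in the thread above.
KNOWN_IOCS = {"com.sec.android.roluqen", "com.sec.android.sipibuz"}
# Namespace both names share; legitimate Samsung packages use it too,
# so the prefix alone must never be treated as a detection.
NAMESPACE = "com.sec.android."
VOWELS = set("aeiou")

# Constructed sample of `pm list packages` output (one "package:<name>" per line).
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome
package:com.sec.android.app.camera
package:com.sec.android.gallery3d
package:com.sec.android.sipibuz
package:com.sec.android.tavomek
"""

def parse_pm_list(output):
    """Return the package names found in `pm list packages` output."""
    return [line.strip()[len("package:"):]
            for line in output.splitlines()
            if line.strip().startswith("package:")]

def looks_generated(label):
    """Assumed heuristic: 7 lowercase letters, strictly alternating
    consonant/vowel, like 'roluqen' and 'sipibuz'."""
    if not re.fullmatch(r"[a-z]{7}", label):
        return False
    kinds = [c in VOWELS for c in label]
    return all(a != b for a, b in zip(kinds, kinds[1:]))

def triage(packages, iocs=KNOWN_IOCS):
    """Split packages into exact indicator hits and names to review by hand."""
    exact, review = [], []
    for name in packages:
        if name in iocs:
            exact.append(name)
        elif name.startswith(NAMESPACE):
            rest = name[len(NAMESPACE):]
            # Only a single trailing label is compared against the shape.
            if "." not in rest and looks_generated(rest):
                review.append(name)
    return {"exact": exact, "review": review}

if __name__ == "__main__":
    print(triage(parse_pm_list(SAMPLE_PM_OUTPUT)))
```

A "review" result is a prompt to inspect the APK, not a verdict: a legitimate package with a similarly shaped last label would land in the same bucket.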
