Lukas Stefanko

@LukasStefanko

24,031
Followers
693
Following
1,580
Media
3,428
Statuses

Malware Researcher at @ESET. Android security, malware analysis, app vulnerability research.

Slovak Republic
Joined December 2014
Pinned Tweet
@LukasStefanko
Lukas Stefanko
2 years
NetHunter Wi-Fi and Rubber Ducky mobile combo. The Android NetHunter kernel supports many popular external Wi-Fi chipsets, including a lot of cheap adapters. Rubber Ducky works without any problems on both devices so far. #TicWatchPro #OnePlus7
18
144
594
@LukasStefanko
Lukas Stefanko
4 years
Hacking into Android in 32 seconds. A Samsung S7 is connected to a Pixel as a HID device (keyboard) that tries to brute-force the lock screen PIN and then download, install and launch a Metasploit payload.
90
1K
4K
@LukasStefanko
Lukas Stefanko
6 years
Malware unpacking is sometimes like
25
2K
4K
@LukasStefanko
Lukas Stefanko
6 years
The social media queue
66
2K
3K
@LukasStefanko
Lukas Stefanko
7 years
Machine Learning 101
16
985
2K
@LukasStefanko
Lukas Stefanko
6 years
Fast charger technology included
22
617
2K
@LukasStefanko
Lukas Stefanko
5 years
Covid Android Ransomware. If you installed the malicious Coronavirus Tracker app that locked your smartphone and requested a ransom, use the code "4865083501" to unlock it. The key is hardcoded.
@ESETresearch
ESET Research
5 years
#ESETresearch ALERT: #COVID19 #Android #Ransomware: If you installed the malicious Coronavirus Tracker app that locked your smartphone and requested a ransom, use the code "4865083501" to unlock it. The key is hardcoded. @LukasStefanko Details:
20
775
887
19
1K
1K
@LukasStefanko
Lukas Stefanko
6 years
Would you trust your own code?
46
557
1K
@LukasStefanko
Lukas Stefanko
6 years
Android Trojan makes PayPal payments on behalf of the user. It sends $1,000 from the victim's account every time the user opens the PayPal app.
53
1K
1K
@LukasStefanko
Lukas Stefanko
7 years
Trojan horse escaping sandbox through security hole
20
527
1K
@LukasStefanko
Lukas Stefanko
6 years
Don't install these apps from Google Play - it's malware. Details:
- 13 apps
- altogether 560,000+ installs
- after launch, hides its icon
- downloads an additional APK and makes the user install it (unavailable now)
- 2 apps are #Trending
- no legitimate functionality
- reported
78
1K
1K
@LukasStefanko
Lukas Stefanko
7 years
"Our data breach happened using a highly professional attack with sophisticated social engineering"
26
708
1K
@LukasStefanko
Lukas Stefanko
6 years
When Windows enters Virtual Reality game
17
314
1K
@LukasStefanko
Lukas Stefanko
6 years
How easy it is to make users believe apps are highly downloaded (popular) and probably worth trying. These are not numbers of app installs, these are developer names.
21
659
913
@LukasStefanko
Lukas Stefanko
7 years
I just found the most honest "Virus Cleaner 2018" on Google Play. Not only does it detect itself as vulnerable, it also recommends that I uninstall it. #InstallOnlyReliableSecurityApps
13
321
898
@LukasStefanko
Lukas Stefanko
7 years
TotallyNotAVirus.exe #MalwareUnpacking
14
428
886
@LukasStefanko
Lukas Stefanko
6 years
Xiaomi now shows ads even in the Settings.
52
509
771
@LukasStefanko
Lukas Stefanko
5 years
Looks like someone successfully created a PoC for the Android CVE-2019-2107 RCE. PoC: You can own the mobile by watching a video with a payload. Should work on Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.
9
433
767
@LukasStefanko
Lukas Stefanko
5 years
How AI technology actually works
10
229
619
@LukasStefanko
Lukas Stefanko
6 years
This is what everyone on dark web wears
29
178
581
@LukasStefanko
Lukas Stefanko
4 years
Exploitation of a LAN vulnerability found in Firefox for Android. I tested this PoC exploit on 3 devices on the same Wi-Fi; it worked pretty well. I was able to open a custom URL on every smartphone using vulnerable Firefox (68.11.0 and below). Found by @init_string
8
271
583
@LukasStefanko
Lukas Stefanko
7 years
Have you ever seen two Android Banking Trojans beating each other for a victim's credit card information? #Malware cc @malwrhunterteam
16
527
552
@LukasStefanko
Lukas Stefanko
6 years
Remotely Spying via #FaceTime. FaceTime anyone on iOS 12.1 or later and you can remotely spy on them (audio and video) before they accept the incoming call. Courtesy of @BmManski
18
299
517
@LukasStefanko
Lukas Stefanko
6 years
Security through obscurity. Messaging app with 50K+ installs.
30
133
493
@LukasStefanko
Lukas Stefanko
5 years
Another click farm in China with 8,000 devices generates fake engagement. So, let's wait for someone to hack it for the first time. Is its control panel on Shodan already?
24
208
468
@LukasStefanko
Lukas Stefanko
6 years
Uninstall these apps! 15 apps with more than 400k+ installs in total found on Google Play. These apps can download an additional payload and display + click on "invisible" ads. Everything is hidden from the user's view.
20
503
435
@LukasStefanko
Lukas Stefanko
6 years
That's why you need these updates, man
8
128
430
@LukasStefanko
Lukas Stefanko
6 years
Scam iOS apps have been found on the Apple App Store tricking users into paying over $100. The apps ask for a fingerprint right at the moment the payment pop-up shows, which is then accepted by the user's fingerprint.
18
356
432
@LukasStefanko
Lukas Stefanko
6 years
Mobile click farm, birthplace of fake engagement. Fake impressions, boosts new social media trends, ad fraud, helps create influencers, leaves fake reviews, spreads likes, shares, installs apps...
19
217
425
@LukasStefanko
Lukas Stefanko
6 years
Your underwear is too short
10
127
436
@LukasStefanko
Lukas Stefanko
5 years
Leaked footage of Huawei's new OS
19
111
397
@LukasStefanko
Lukas Stefanko
5 years
How to create fake traffic jams in Google Maps with a bucket full of smartphones. Different perspective:
1) Buy mobile bots
2) Spoof GPS location
3) Control traffic
11
187
402
@LukasStefanko
Lukas Stefanko
6 years
Anti-virus watchdog service at work
5
153
402
@LukasStefanko
Lukas Stefanko
6 years
What is this app's rating? The developer created a tricky app icon to make potential users believe it has over 4 stars. The purpose of the app is to trick the user into activating a 3-day trial for a basic photo editing app. If the user forgets to cancel, it costs him €49.99/week.
20
241
387
@LukasStefanko
Lukas Stefanko
6 years
This is Bob. Bob doesn't care about his mobile privacy. Bob:
- doesn't close private tabs
- doesn't close the browser
- doesn't lock his device
- carries it face up in his pocket
- goes on public transport
- takes a nap
Don't be like Bob. Be smart.
6
149
385
@LukasStefanko
Lukas Stefanko
3 years
RCE in Adobe Acrobat Reader for Android (CVE-2021-40724). $10,000 bounty received from GPSRP. Excellent exploitation and write-up by @hulkvision. Report: Quick summary of how it was achieved 👇
1
116
397
@LukasStefanko
Lukas Stefanko
6 years
Spoofing any website in Xiaomi's pre-installed browser. Be aware, it is NOT fixed yet and it could be misused for phishing credentials. Discovered by @payloadartist
7
228
360
@LukasStefanko
Lukas Stefanko
6 years
Android Legitimate Spyware with 10M+ installs. The app #Onavo, owned by Facebook, is a VPN service that collects your:
- mobile traffic
- location
- installed/opened apps
- visited websites
This app should hide your traffic & increase privacy; instead it collects it.
14
318
366
@LukasStefanko
Lukas Stefanko
2 months
New Android malware - #NGate - relays NFC data from victims’ payment cards, via victims’ compromised mobile phones, to the attacker's device waiting at an ATM to withdraw cash.
5
159
351
@LukasStefanko
Lukas Stefanko
6 years
Remove is not Uninstall. Found 3 apps on Google Play with over 700,000 installs that use an interesting persistence technique. When the user realizes the app is not as described, he can only remove the app icon, not uninstall the app itself. How it works, I explained in the video:
10
191
338
@LukasStefanko
Lukas Stefanko
6 years
Barcode Scanner app with 5,000,000+ installs became adware. Should we now be afraid of even popular apps? Did the developer sell the app or take advantage?
- in 8 months the app reached 5M+ installs
- after the last update it became adware
- uses its own lockscreen
- displays ads
- removed from Google Play
20
183
328
@LukasStefanko
Lukas Stefanko
6 years
When you implement your own encryption
3
100
327
@LukasStefanko
Lukas Stefanko
5 years
Security without pentests II.
4
64
315
@LukasStefanko
Lukas Stefanko
6 years
5
79
322
@LukasStefanko
Lukas Stefanko
5 years
Security without pentests 5️⃣
4
73
313
@LukasStefanko
Lukas Stefanko
6 years
Android malware can send WhatsApp messages from the infected device to spread itself + uses TOR. What happened in the video:
- requests to activate the accessibility service
- activates device admin
- sets itself as the default SMS app
- downloads payload
- downloads TOR
Found a month ago by @sh1shk0va
11
157
291
@LukasStefanko
Lukas Stefanko
6 years
Android Banker found on Google Play with 10K+ installs has stolen over 10,000 Euros already. Video example of how it misuses accessibility services and overlays the banking app (1:09).
13
178
279
@LukasStefanko
Lukas Stefanko
5 years
Vulnerability in Google's Camera app allowed 3rd-party apps to take pictures and video without the user's knowledge or the CAMERA permission. This happened because of an exported CameraActivity that accepted input from other apps. CVE-2019-2234 via @checkmarx
6
178
286
@LukasStefanko
Lukas Stefanko
5 years
Security without pentests 4️⃣
4
68
265
@LukasStefanko
Lukas Stefanko
6 years
I tested over 15 fake GPS Navigation apps with over 50,000,000 installs from #GooglePlay that violate Google's rules. These apps just open Google Maps or use its API without any additional value for the user, except for displaying ads. Some of them don't even have a proper app icon.
14
126
259
@LukasStefanko
Lukas Stefanko
6 years
More locks, more security
8
75
259
@LukasStefanko
Lukas Stefanko
6 years
Microsoft knows how to treat customers
6
73
254
@LukasStefanko
Lukas Stefanko
6 years
Imagine Android ransomware that could lock you out of your car. If a Smart Key app is installed, then triple ransom.
12
89
251
@LukasStefanko
Lukas Stefanko
6 years
Using an out-of-date antivirus scanner is like
5
108
244
@LukasStefanko
Lukas Stefanko
6 years
Would you use an AntiVirus that detects itself as a risky app? This Fake Antivirus 2019 uses only a blacklist & whitelist of app package names + a permissions check. It still forgot to whitelist itself.
21
81
234
@LukasStefanko
Lukas Stefanko
4 years
APKLeaks in action. Handy utility that dumps IPs, URLs, URIs or secrets from an analyzed Android app. Now you know where backups are stored and maybe test these ZIPs for DIR traversal 👇 by @dwisiswant0
6
52
244
@LukasStefanko
Lukas Stefanko
6 years
Using Out-Of-Date software could be like
5
65
243
@LukasStefanko
Lukas Stefanko
7 years
Android Trojan controlled via Telegram spies on Iranian users. Can take pics, make calls, send SMS, steal data. #Iran
8
178
230
@LukasStefanko
Lukas Stefanko
6 years
Weather app has a new feature - making phone calls. #NotCool
19
73
234
@LukasStefanko
Lukas Stefanko
4 years
0-click RCE via MMS exploit for Samsung's Android OS versions O (8.x), P (9.0) and Q (10.0). #Fuzzing CVE-2020-8899 Demo:
3
93
233
@LukasStefanko
Lukas Stefanko
6 years
App functionality demonstration
17
72
217
@LukasStefanko
Lukas Stefanko
6 years
Using the free antivirus software that comes with your computer.
8
108
219
@LukasStefanko
Lukas Stefanko
5 years
Security without pentests III.
3
43
220
@LukasStefanko
Lukas Stefanko
4 years
Demo of Binance wallet theft using Accessibility services. Android PoC malware misuses accessibility to take control of the device and withdraw Bitcoins without any user interaction. Binance swiftly fixed the issue. Research & video by @yonas_leguesse Paper:
8
82
219
@LukasStefanko
Lukas Stefanko
2 years
Trojanized #WhatsApp and #Telegram apps replace cryptocurrency wallet addresses in messages. Some of them use OCR to recognize mnemonic phrase text in screenshots and photos stored on the devices to steal cryptocurrency funds. #Android #Windows
1
77
223
@LukasStefanko
Lukas Stefanko
6 years
There is a newspaper in my ad
15
67
215
@LukasStefanko
Lukas Stefanko
5 years
Android malware analysis + OSINT. How I tracked down the developer of 42 Android adware apps on Google Play with 8,000,000+ installs.
7
82
213
@LukasStefanko
Lukas Stefanko
6 years
Android SMS Worm spreads in #India 🇮🇳
- spreads via SMS and WhatsApp as a "Free 25GB Offer" app
- only for Jio customers
Goal: spread & ads monetization. The app in the background sends SMS to contacts if they have a Jio number prefix. Demo: Download + Install + Open. Found by @srbhdubey
17
158
199
@LukasStefanko
Lukas Stefanko
7 years
The first Android Crypto-Ransomware that misuses accessibility services + encrypts data + changes the PIN. #DoubleLocker
10
240
197
@LukasStefanko
Lukas Stefanko
5 years
Security without pentests 6️⃣
2
29
192
@LukasStefanko
Lukas Stefanko
6 years
100% wireless
1
38
196
@LukasStefanko
Lukas Stefanko
5 years
After a couple of requests I created a Telegram Channel. To stay up-to-date with mobile security, feel free to join and share. Topics: Security & privacy, malware on Google Play, vulnerabilities, bug bounty hunting, security tips, tutorials, penetration testing..
8
53
193
@LukasStefanko
Lukas Stefanko
6 years
There is an animal called Internet Explorer
7
67
192
@LukasStefanko
Lukas Stefanko
7 years
Google Pixel did really well and wasn't successfully pwned at mobile #Pwn2Own. We can't say that about the iPhone. Apparently Adrian was right.
11
126
187
@LukasStefanko
Lukas Stefanko
3 years
This is how Android malware steals the recovery phrase from Trust Crypto Wallet without user interaction and restricts access to the victim's smartphone by blocking all actions such as removing it and seeing any unauthorized withdrawals. Full demo:
@alberto__segura
Alberto Segura (https://infosec.exchange/@asegura)
3 years
Some kind of crypto wallet stealer which sends your keys via Telegram. Also includes a C2 URL. Low detection: cc @malwrhunterteam
5
22
61
3
69
188
@LukasStefanko
Lukas Stefanko
5 years
@SwiftOnSecurity My similar "security without pentests" collection:
4
26
175
@LukasStefanko
Lukas Stefanko
5 years
CSRF + XSS + SMS spoofing + Android deep link URL redirection. Great example of chaining low-impact vulnerabilities in #TikTok to remotely manipulate account content:
- delete user video
- upload user video
- make "private" videos "public"
via @_CPResearch_
2
73
184
@LukasStefanko
Lukas Stefanko
4 years
How to prevent this happening:
- charge your smartphone using your own adapter if possible
- don't use a trivial PIN or password for lock screen protection
- use mobile security software that will detect the Metasploit payload
6
23
178
@LukasStefanko
Lukas Stefanko
4 years
Android WhatsApp Worm? Malware spreads via the victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to a malicious Huawei Mobile app. The message is sent only once per hour to the same contact. It looks to be adware or a subscription scam.
@ReBensk
Re-ind
4 years
#Android #Banking #Trojan #Malware @malwrhunterteam @Spam404 @bl4ckh0l3z @JAMESWT_MHT #opendir Huawei Mobile #Phishing Malware: .apps.details.settings[.pw/play/download/ "MD5: 121AB9F7C0F439274478099D9E550473" C2: https://settings[.pw/
2
17
56
15
121
183
@LukasStefanko
Lukas Stefanko
6 years
What a great security feature
16
73
181
@LukasStefanko
Lukas Stefanko
6 years
The first Android cryptocurrency clipboard exchanger found on Google Play. Its goal is to change the copied address of the recipient's cryptocurrency wallet to the attacker's. The malware also impersonates the @metamask_io service and lures the PK, password or phrase.
9
113
178
@LukasStefanko
Lukas Stefanko
3 years
SMS worm impersonates Covid-19 vaccine free registration. Android SMS worm tries to spread via text messages as a fake free registration for the Covid-19 vaccine - targets India 🇮🇳. It can spread itself via SMS to the victim's contacts with a link to download this malware.
@malwrhunterteam
MalwareHunterTeam
3 years
"Covid-19.apk" seen from India: 5522a7cc358b4193eac53e620d3baa47f385a04bf3d15d1850076cce9456d5f4
3
23
39
12
151
179
@LukasStefanko
Lukas Stefanko
4 years
Robinhood on Google Play How it started How it's going
3
37
175
@LukasStefanko
Lukas Stefanko
7 years
More infected ATMs in Indonesia by #WannaCry. Updated picture collection from infected countries [60 pics]
6
228
176
@LukasStefanko
Lukas Stefanko
6 years
1998: Computers will get us to Mars 2018:
9
52
170
@LukasStefanko
Lukas Stefanko
6 years
I just finished the Web Security Academy labs. It's a great learning source with free trainings + labs to test your skills:
- SQL injection
- XSS
- OS command injection
- DIR traversal
Hope we can expect more topics to come @WebSecAcademy @Burp_Suite @PortSwigger
2
36
170
@LukasStefanko
Lukas Stefanko
6 years
Almost every Android phone - except for the Pixel - is still vulnerable to this RCE bug. That's because manufacturers don't push security updates right away. BTW, Samsung devices are the most popular unpatched phones on the planet. @Swati_THN @TheHackersNews
7
104
165
@LukasStefanko
Lukas Stefanko
7 years
Windows Defender in action
9
113
163
@LukasStefanko
Lukas Stefanko
5 years
Scareware YouTube ads. "Your Phone has Virus ⚠️" techniques are misused to promote a lousy Android antivirus app. BTW, this app has 100K+ installs and has been available on Google Play only since Jul 5, 2019, without any reference or web site. P.S. So, my phone has 13 or 23 viruses?
16
81
163
@LukasStefanko
Lukas Stefanko
6 years
Don't be quiet, no matter who is listening. A recently discovered Android banking Trojan on Google Play, found by @ThreatFabric, had a malicious package name containing my name and a hi_there message for me. If you are reading this, next time I want my profile_pic signed by you in there. :)
5
61
158
@LukasStefanko
Lukas Stefanko
5 years
Android #StrandHogg vulnerability. The vulnerability allows a malicious app to masquerade as any other app on the device. So, if you launch Facebook, malware is executed. See the video demo of how it works. @Promon_Shield
7
89
164
@LukasStefanko
Lukas Stefanko
7 years
Beware of another fake version of @myetherwallet found on the Google Play Store with lots of fake positive reviews. It tries to steal the user's private key. BTW, there isn't any official MyEtherWallet on GP yet. #reported
7
128
139