All posts by Matteo Favaro

Avatar photo
Author: Matteo Favaro

Posts by Matteo Favaro:

SATURN Software deobfuscation framework based on LLVM

Introduction For a variety of security reasons, obfuscating code is a best practice for mobile app developers. Legitimate app developers use obfuscation to protect intellectual property and prevent attacks against their code, and malware providers use it to hide malicious capabilities. Not surprisingly, in the cat-and-mouse game of cybersecurity, this […]

Read more

Fake BBC News App: Analysis

Follow @fvrmatteo On February 26, 2018, we received a notification from the detection system about a malicious sample with a suspicious package and Play Store name. We quickly verified the automatic analysis and confirmed the sample was actively trying to scam users to download it instead of the original BBC […]

Read more

Dissecting mobile native code packers. A case study.

As mobile malware advances to the levels of desktop malware, it’s not uncommon to stumble upon protected APKs while analysing malware. Most of the times, the sample is simply obfuscated via classes/variables name stripping from the DEX file and/or strings obfuscation; but other times several layers divide the researcher from […]

Read more

Fake WhatsApp… and the Real Malware zLabs Discovered

On November 3, 2017, some users of Reddit noticed two WhatsApp applications with the same developer name “WhatsApp Inc.” and started to investigate what looked like a fake update for the WhatsApp application. They quickly realized that the application has been downloaded more than one million times. As a part […]

Read more