File Name: 09024538768–1107749532.apk

Size: 0.12MB




App Name : Roblox

Package Name : com.lob.roblox


The above malware was extracted from the mobile network by downloading the malicious application that the subscriber installed on the smartphone.

The application was distributed from the server below:


After reading the Manifest, I have noticed the following:

The malware request the following permissions:

<uses-permission android:name=”android.permission.ACCESS_WIFI_STATE”/>

Gives the application the ability to check the current state of the wifi.

All the permission below are dangerous permissions and used very often by malware.

<uses-permission android:name=”android.permission.WRITE_EXTERNAL_STORAGE”/>

— Gives the application the ability to write to external storage.

<uses-permission android:name=”android.permission.INTERNET”/>

— Gives the application the ability to connect to the internet and creating socks…

The cybersecurity and enterprise world have deep knowledge of attacks towards computers and servers running Linux or windows but not towards mobile operating systems such as Android and iOS and others.

In the digital era, most people use their smartphone to browse the internet, and bring your own device has become the norm in the workplace, but these smart devices are the victims of embedded malware developed by skilled hackers, who are willing to extract as much as information for their own financial benefit.

Most of the mobile malware creators are interested in the following information from your smartphone:


Quando fala-se de virus moveis muita gente ainda pensa que é um mito e que esses tipos de virus não existem, mas esses virus são muitos comuns e afectam todas as plataformas ou sistemas operativos.

Antes de explicar qual sistema mas suscetível a infecçōes de virus, primeiro vou falar sobres os sistemas operativos e a segurança que eles oferecem para prevenção contra esses virus.

Sistemas operativo Android

O Android é um sistema operativo de código aberto da Google, a Google permite que os fabricantes de smartphones façam alterações e personalizem a parencia do sistema operativo. …

What is Single Ring Solicitation Fraud (Wangiri Fraud)?

Single ring solicitation Fraud

  • Happens when a fraudster uses one or more Premium Rate Numbers or High Tariff numbers to generate a large number of missed calls to a specific or multiple ranges of MSISDNs belonging to an telecommunication operator. These destination numbers are usually unknown to the subscribers that receives the missed calls.
  • The fraudster generates these Single ring solicitation Calls expecting the subscribers to return the calls to Premium Rate Numbers or High Tariff numbers, so that they can generate some revenue from it therefore it is concluded by fraud experts that “The motivation behind this fraud is international revenue share fraud”.

Analyzing the difference between normal ISUP calls from Single Ring Solicitation calls

In recent years the Mobile Telecommunication networks gained attention from the media due to signaling security attacks, one of the critical components of these attacks became the most important security information to be concealed and it is called the IMSI.

So, What is an IMSI?

An International Mobile Subscriber Identity (IMSI) is a unique number associated with all Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS) network mobile phone users used for identifying a GSM subscriber.

The IMSI has two parts which are :

  1. Mobile Country Code + Mobile Network code
  • The mobile country code — Points to the country where the operator is based for example the UK…

Mapping of USSD Top 10 Security Risks

Security should be at the heart of software systems, especially when there is money involved. In mobile money or mobile payment ecosystems which enable USSD feature are exposed to some risks can affect the credibility of the service and can be detrimental for the organization's revenue, if they are not taken into account and prevented before launching a mobile money service. Below are the most prevalent risks for mobile money payments related to USSD and the recommendations to mitigate them.


A cybercriminal can tamper with USSD command requests and responses by conducting man-in-the-middle…

Some of the top 5 technical books I have read — December 2020 to February 2021 edition.

In my quest to become the security professional that I am today, I have learned from multiple sources and one of these key sources are the technical books that I read, apart from the RFC, online courses, and of course the articles on Medium published by very skilled security professionals.

I would like to share some of the top 5 technical books and I will continue to share more.

1. Black Hat python, 1st Edition.

The book is written by Justin and Tim Arnold and foreword by one of…

In the digital era, we find ourselves connected to the internet all the time and from multiple devices. All these connected devices can be compromised by cybercriminals to steal sensitive data such as credit card numbers, passwords, and others.

To increase the level of difficulty for a criminal who seeks to compromise your devices and stealing your information, one can adopt the following preventive measures.

1. Enable Automatic Updates By Default

Enabling automatic updates can save you from a lot of trouble. if your devices are not running the latest software then it is vulnerable to multiples attacks that can happen when you browse a website…



SMS phishing is the act of committing text message fraud to try to lure victims into revealing account information or installing malware.

In SMS phishing, Cybercriminals use a text message to try to get potential victims to give out personal information. The text message, which typically contains a link to a fake website that looks identical to the legitimate site, asks the recipient to enter personal information. Fake information is often used to make the texts appear to be from a legitimate organization or business.


Due to the rapid adoption of smartphones and smartphones are the primary computing platform for…

Josue Martins

Interested in Mobile Appication Security ,IoT security ,Mobile Device and Telecom Security.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store