ch33r10/Stalkerware

STALKERWARE

Ekoparty 2020 header

     

EVERY BREATH YOU TAKE: A CTI REVIEW OF STALKERWARE🕵️

Learn why stalkerware is an emerging threat to the enterprise & how it can lead to a breach. Poor AV detection combined with the stigma attached to stalkerware makes it a great tool to exfil data, steal credentials, carry out breachstortion, & more! Reverse engineer Android APKs & use OSINT to hunt stalkerware.

In this repo you will find a CSV file to download with stalkerware-related domains, hashes, and IPs to search for in your org and block/recategorize. The list is not exhaustive, but it contains some of the IOCs you can use to determine whether there is stalkerware traffic on your corporate network, guest wifi, customer wifi, etc.
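
One way to run that search over DNS or proxy logs, as an added example that is not part of this repo. The `type,value` CSV layout, the log format, and every indicator shown are constructed assumptions; hash rows are skipped here because they belong in an endpoint/EDR search.

```python
import csv
import io

# Constructed IOC CSV; the type,value layout is an assumption, not the repo's.
IOC_CSV = """type,value
domain,tracker.example
ip,192.0.2.44
hash,0123456789abcdef0123456789abcdef
"""

LOG_LINES = [  # constructed: timestamp, client, queried name, resolved IP
    "2020-09-24T10:01:02Z 10.1.5.20 api.tracker.example 192.0.2.10",
    "2020-09-24T10:01:09Z 10.1.5.21 www.example.org 198.51.100.7",
    "2020-09-24T10:02:30Z 10.9.0.14 cdn.example.net 192.0.2.44",
    "2020-09-24T10:03:00Z 10.1.5.22 nottracker.example 198.51.100.9",
]

def load_iocs(text):
    """Return {'domain': set, 'ip': set}; other row types are ignored."""
    iocs = {"domain": set(), "ip": set()}
    for row in csv.DictReader(io.StringIO(text)):
        kind = row["type"].strip().lower()
        if kind in iocs:
            iocs[kind].add(row["value"].strip().lower().rstrip("."))
    return iocs

def domain_hit(name, bad_domains):
    """Match the name or any parent domain label by label, so a subdomain
    of an IOC is caught but a lookalike such as nottracker.example is not."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in bad_domains:
            return ".".join(labels[i:])
    return None

def hunt(lines, iocs):
    """Return (client, indicator) for every log line that touches an IOC."""
    hits = []
    for line in lines:
        _ts, client, qname, answer = line.split()
        matched = domain_hit(qname, iocs["domain"])
        if matched is None and answer in iocs["ip"]:
            matched = answer
        if matched:
            hits.append((client, matched))
    return hits

if __name__ == "__main__":
    for client, indicator in hunt(LOG_LINES, load_iocs(IOC_CSV)):
        print(f"{client} contacted {indicator}")
```
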


💄RESOURCES💄

💋REVERSE ENGINEERING ANDROID APKs

  • Kristina Balaam @chmodxx_ Reversing Malware / Reverse Engineering Android APKs - Link
  • Kristina Balaam @chmodxx_ TOOLS / Reverse Engineering Android APKs - Link
  • APKTOOL - Link
  • DEX2JAR - Link
  • JD-GUI - Link

💅CHECK THIS OUT


FOR THE LAWYERS
"The information provided herein is not related to or affiliated with any of my employers. Any opinions expressed in this GitHub account are those of the account holder, in her individual capacity, and not those of my employers. This is a side project that I prepared for conference talks. You use this information at your own risk."
