android/phoenix

Android/Phoenix authors, claims, sample identification and trends

2024-02-08

·

Blog

The Android/Phoenix botnet (see reverse engineering post here) was advertised underground in May 2023, and on GitHub and Telegram. The GitHub account is closed, but the Telegram channel is still active in 2024. The botnet panel is demonstrated in a video. The github repository is closed now Several developers Notice the creators take of themselves in plural…
Read More
Reverse engineering of Android/Phoenix

2024-02-06

·

Blog

Android/Phoenix is a malicious Remote Access Tool. Its main goal is to extensively spy on the victim’s phone (grab all screenshots, steal the unlock gesture etc). The attacker controls the infected phone via various predefined commands sent on a websocket. This blog post contains the reverse engineering of sample 6485ead2248298b48d4e677d3fb740b8ce8688bc7b4adb7a4d2ac3af827da46b of mid January 2024. The…
Read More

Post

Post