Overview

Traboda CyberLabs has investigated an Android malware campaign that impersonates the PM-KISAN mobile app. The campaign is distributed via messaging apps and uses a convincing fake “Google Play update” flow to trick victims into enabling sideloading and installing a malicious APK. Rather than exploiting an OS vulnerability, the attackers rely on social engineering to gain installation and permission consent.

challenge name: ShadowVault decription: A mysterious app called ShadowVault has surfaced, rumored to hide secrets within its code. Can you unravel its mystery? category: rev attachment: app-debug.apk TLDR; After logging into the app using hardcorded credentials, changing the values in request body which is also hardcoded gives the flag. First up seeing the “rumored to hide secrets within its code” in description I started searching for any possible hardcoded values and discovered the login creds

This is my experience on Mata Amritanathamayi, Amma’s birthday function, Amritavarsham'70 which was held at Amrita Vishwa Vidyapeetham, Kollam campus

Resources/blogs that I found uselful (this list will be updated often)

Lets dive into the second blog of the Android APK Analysis series

This is the first intentional vulnerable APK I’m analysing. Without further ado, let’s get into it