Lukas Stefanko
@LukasStefanko
Malware Researcher at @ESET Android security, malware analysis, app vulnerability research http://t.me/androidMalware
Just spotted a little "hello" from the #Crocodilus Android banker devs — they left a message in the logs right after the malware launches. Analysis of Crocodilus: cebrf.knf.gov.pl/images/IKO%20L… New developments: threatfabric.com/blogs/crocodil…
In regards to "cyber influencers", here is a list of people I think are actually great. However, I am extremely biased toward malware related content and/or low-level programming stuff. Unfortunately, some of the really technical people I like also do not post too often. They…
NEW OffSec Live Session! Kali NetHunter: Live Podcast (Episode 1) 🐉 Join us for the first episode of our Kali NetHunter Podcast, where we explore the world of mobile and wearable penetration testing. Our guest for this episode is Lukas Stefanko (Mobile Hacker), a respected…
#ESETresearch has released its latest APT Activity Report (Apr–Sep 2025): 🇨🇳China-aligned groups targeted Latin America amid US-China tensions. 🇷🇺Russia-aligned groups intensified ops against 🇺🇦Ukraine & 🇪🇺EU states. Full report: web-assets.esetstatic.com/wls/en/papers/…
#ESETresearch identified an active campaign distributing #NGate – Android NFC relay malware used for contactless payment fraud – targeting Brazilian users. It is available for download via fake Google Play sites mimicking 4 major banks and 1 e-commerce app. 1/4
I'm pleased to announce that @LukasStefanko aka @androidmalware2 will be the very first guest after the showcase attacks on the @kalilinux NetHunter Live Podcast! Join us on 14 November, 11am ET. TBA soon @offsectraining @Re4sonKernel @kimocoder @_elwood_ mobile-hacker.com
Found Related #spyware #campaign Sample / Domain using @Huntio 9d3ac92937c8986ce55b308c60ae8f9a https://signal-encryption-service[.]ct[.]ws/signsdhfg6aug/signsdhfg6aug/Signal_Encryption_Plugin_V4.7.3.apk @500mk500 @LukasStefanko Ref: x.com/LukasStefanko/…
We identified two campaigns targeting #Android users with previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites welivesecurity.com/en/eset-resear… #ESET #ESETresearch
#ESETResearch has identified two campaigns targeting Android users in the🇦🇪. The campaigns, which are still ongoing, distribute previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites. welivesecurity.com/en/eset-resear… 1/6
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6
@LukasStefanko explains why smartphones are the perfect target for digital spies. 🎙️ Listen to Unlocked 403 Podcast now on Spotify, or Apple Podcasts, and stay one step ahead of digital threats. @ESETresearch #Unlocked403
In H1 2025, #ESETResearch telemetry recorded a 160% surge in #Android adware & clicker detections. Leading this spike is a colorfully branded threat #Kaleidoscope, responsible for 28% of all Android #adware detections in H1. 1/6
ESET Threat Report H1 2025: #ClickFix attacks surge 500%, SnakeStealer tops infostealer charts, and NFC fraud jumps 35x. Plus, chaos in the ransomware underworld and a new Android adware menace—Kaleidoscope. Dive into the full report: web-assets.esetstatic.com/wls/en/papers/… #ESETresearch
A Turkish threat actor and Android malware author sent a private message to security researcher Lukas Stefanko. The droppers distributed by these threat actors report victim interactions back to them using log messages in Turkish.
Malware #Crocodilus impersonates a fake “IKO Lokata” app — its icon closely resembles that of a major Polish bank 🏦. 📣 Delivered via fake ads on @Facebook. 🔗 Campaign domains: • iko-power-app[.sbs • iko-lokata[.icu 🧠 IoC: rentvillcr[.homes VT: virustotal.com/gui/file/0009a…
🚨 Warning! Cybercriminals are publishing fake ads on @facebook that encourage users to download a malicious Android app 📱. The malware impersonates a supposedly official app, "IKO Lokata", which does not exist ❗ ⚠️ After installation, it downloads another malicious…
#BREAKING #ESETresearch NFC Android malware impersonates banking app in 🇵🇱 Poland. #NGate malware impersonates a banking verification application to steal NFC data and PIN from victims’ physical payment card. @LukasStefanko 1/3
I hacked into the Telegram bot and retrieved all the logs😃. It seems that Spain🇪🇸 is being targeted. @g0njxa 🫣 threat actor: ledear_dev sample: 9dc524efab35e8d79108fa8920119c6e Additionally, telegram vulnerability CVE-2024-7014 has already been fixed.
Exploitation of the #EvilVideo Telegram vulnerability (CVE-2024-7014) was allegedly added in the latest version of the G-700 Android RAT. The exploit allows sending malicious APK files disguised as video. EvilVideo: welivesecurity.com/en/eset-resear… G-700 RAT: cyfirma.com/research/g700-…
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN : mobile-hacker.com/2024/12/02/cyb… credits @LukasStefanko