Series

Not (a) Fine

A ground up investigation into a real smishing campaign targeting users through a fake MoRTH eChallan notification.

What starts as a suspicious SMS turns into a four-stage dropper framework: custom encryption, bulletproof C2 infrastructure, VPN traffic interception and a final banking trojan payload.

Every layer, reverse engineered.

The Spam SMS that turned into a rabbit hole
I was supposed to be building an Android app, ended up taking one apart
Jun 24, 202615 min read132
The Media Player that wasn't
DEX Payload Analysis & C2 Infrastructure Mapping
Jun 26, 202616 min read28

Command Palette