AssoEchap / stalkerware-indicators

Indicators of stalkerware apps

Research #113

Open Malpaga opened 1 year ago

Malpaga commented 1 year ago

While testing a stalkerware detection tool on ASpy, I noticed that the package name used was not listed and thus could not be flagged.

jvoisin commented 1 year ago

Can you provide the sample?

Malpaga commented 1 year ago

Would the apk used for installation be sufficient?

jvoisin commented 1 year ago

Anything/everything you can share :)

Te-k commented 1 year ago

Hi @Malpaga, I wanted to check in with you if you could share the sample related to the package name com.sec.android.roluqen? I have checked in several databases and couldn't identify any packages with this name, so if you could share the file it would be awesome. Thanks

Malpaga commented 1 year ago

Hi, sorry for the delay! After checking a-spy's apk again, I noticed that the package name had been changed once more, this time to com.sec.android.sipibuz. This probably means that the app now uses monthly/weekly builds to escape signature detection. The last word in the package name is probably randomly generated.

Here is the apk showcasing this new package name. I don't have access to the one named com.sec.android.roluqen right now but if I find it I'll make sure to share it here as well. aspy.zip
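
The package-name rotation reported in this thread, seen from the detection side, as an added example that is not part of the thread or of the project's code: an exact package-name match misses the renamed build, while a second match on the signing-certificate fingerprint catches it and reports the new name as a candidate for the indicator list. It assumes the builds share a signing certificate, which the thread does not confirm; the fingerprint, the IOC entry layout and the device inventory are constructed.

```python
from dataclasses import dataclass

# Constructed IOC entry. The package name is the one already known in the
# thread; the certificate fingerprint is a placeholder, not a real indicator.
PLACEHOLDER_CERT = "00" * 32  # stands in for a SHA-256 signing-cert fingerprint
IOCS = [{
    "name": "ASpy",
    "packages": {"com.sec.android.roluqen"},
    "certificates": {PLACEHOLDER_CERT},
}]

@dataclass(frozen=True)
class Finding:
    package: str
    family: str
    matched_on: str         # "package", "certificate" or "package+certificate"
    new_package_name: bool  # True when the name is missing from the IOC list

def scan(installed, iocs=IOCS):
    """installed: iterable of (package_name, signing_cert_sha256) pairs."""
    findings = []
    for package, cert in installed:
        for ioc in iocs:
            by_name = package in ioc["packages"]
            by_cert = cert.lower() in ioc["certificates"]
            if not (by_name or by_cert):
                continue
            hits = (("package", by_name), ("certificate", by_cert))
            matched = "+".join(label for label, hit in hits if hit)
            findings.append(Finding(package, ioc["name"], matched, not by_name))
    return findings

def names_to_add(findings):
    """Package names caught only by certificate: candidates for the IOC list."""
    return sorted({f.package for f in findings if f.new_package_name})

# Constructed device inventory. Assumption: the renamed build is signed with
# the same certificate as the known one. Prefix matching on "com.sec.android."
# is deliberately not used: legitimate Samsung packages share that prefix.
INVENTORY = [
    ("com.sec.android.sipibuz", PLACEHOLDER_CERT),  # rotated name from the thread
    ("com.example.notes", "ab" * 32),               # unrelated app
]

if __name__ == "__main__":
    results = scan(INVENTORY)
    for finding in results:
        print(finding)
    print("add to IOC list:", names_to_add(results))
```

If a rotated build is also re-signed, neither match fires and the sample itself is needed to extract other stable indicators.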