we have the same products of phone but different model. I am using Xiaomi Redmi Note 7 and yes you are correct, it will scan the APK file first before it will be installed. However, it will still install the payload. you can't really escape it but I have already included some information on how to avoid it sir.
there are ways to counter this attack. You should avoid downloading an APK files from untrusted websites. this attack is capable as well in copying original APK files so that it will not be obvious. The other thing is that, you should also avoid turning on the ALLOW UNKNOWN SOURCES if you are not sure of what you are downloading. Check the installed APK file if the name is "MAINACTIVITY" if so, please uninstall it immediately because it's a payload. there are various ways to determine but this is the basics. I will soon post the tutorial on how to activate this attack GLOBALLY.
we have the same products of phone but different model. I am using Xiaomi Redmi Note 7 and yes you are correct, it will scan the APK file first before it will be installed. However, it will still install the payload. you can't really escape it but I have already included some information on how to avoid it sir.
I guess that's possible as well. If I'm a developer, I can just create an APK with payload injection and then post it on play store. If Google will accept it, then it's successful. everyone will be able to download it.
we have the same products of phone but different model. I am using Xiaomi Redmi Note 7 and yes you are correct, it will scan the APK file first before it will be installed. However, it will still install the payload. you can't really escape it but I have already included some information on how to avoid it sir.
I guess that's possible as well. If I'm a developer, I can just create an APK with payload injection and then post it on play store. If Google will accept it, then it's successful. everyone will be able to download it.
omg napadelikads naman hahaha. popular apps may have that to s†éál info from you kaya siguro ang daming conspiracy theory regarding sa mga apps especially google na s†éáling info sa users.
there are ways to counter this attack. You should avoid downloading an APK files from untrusted websites. this attack is capable as well in copying original APK files so that it will not be obvious. The other thing is that, you should also avoid turning on the ALLOW UNKNOWN SOURCES if you are not sure of what you are downloading. Check the installed APK file if the name is "MAINACTIVITY" if so, please uninstall it immediately because it's a payload. there are various ways to determine but this is the basics. I will soon post the tutorial on how to activate this attack GLOBALLY.
so... it turns out that it's also possible to create the payload as a PERSISTENT BACKDOOR. meaning to say, it will always be there and the remote häçking stays alive. even after restarting the android phone, the backdoor or the payload will still run. This attack will work IF the victim's phone is ROOTED. But, there's still a script that is available now which will work as well even in NON-ROOTED phones. the persistent backdoor files will be saved and uploaded in the victim's SD CARD. I hope this helps you guys
this is possible because the original APK can be decompile. once the attacker will successfully decompile the original apk from play store, the attacker can simply inject the Hook in to the original APK file and then compile it again to make it real. isn't it cool?
so... it turns out that it's also possible to create the payload as a PERSISTENT BACKDOOR. meaning to say, it will always be there and the remote häçking stays alive. even after restarting the android phone, the backdoor or the payload will still run. This attack will work IF the victim's phone is ROOTED. But, there's still a script that is available now which will work as well even in NON-ROOTED phones. the persistent backdoor files will be saved and uploaded in the victim's SD CARD. I hope this helps you guys
this is possible because the original APK can be decompile. once the attacker will successfully decompile the original apk from play store, the attacker can simply inject the Hook in to the original APK file and then compile it again to make it real. isn't it cool?