GodFather - Part 1 - A multistage dropper

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL: https://shindan.io/blog/godfather-part-1-a-multistage-dropper
• Blog Title: GodFather - Part 1 - A multistage dropper
• Suggested Section: Basic Forensic Methodology -> Specific Software/File-Type Tricks -> ZIPs tricks

🎯 Content Summary

Technical Summary: GodFather Android Banker Distribution Chain (Part 1)

Scope

First part of a deep-dive into the latest GodFather Android banker distribution chain. Focus: a multistage dropper that packs anti-reversing tricks in its APK and prepares a session-based sideload of the main payload (as also noted by Zimperium: https://shindan.io/blog/godfather-part-1-a-multistage-dropper

zipdetails (Archive::Zip script)

PKWARE ZIP specification

If you need, I can extend Mobile Pentesting with a compact “PackageInstaller session-based sideloading” note and detection heuristics, but it wasn’t necessary for this PR.

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

🗑️ File Cleanup

• searchindex.js removed: This auto-generated file has been removed to prevent conflicts.

[carlospolop]

🔗 Additional Context

Original Blog Post: https://shindan.io/blog/godfather-part-1-a-multistage-dropper

Content Categories: Based on the analysis, this content was categorized under "Basic Forensic Methodology -> Specific Software/File-Type Tricks -> ZIPs tricks".

Repository Maintenance:

• MD Files Formatting: 878 files processed

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0