carlospolop

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

🎯 Content Summary

Technical Summary: GodFather Android Banker Distribution Chain (Part 1)

Scope

First part of a deep-dive into the latest GodFather Android banker distribution chain. Focus: a multistage dropper that packs anti-reversing tricks in its APK and prepares a session-based sideload of the main payload (as also noted by Zimperium: https://shindan.io/blog/godfather-part-1-a-multistage-dropper

  • zipdetails (Archive::Zip script)
  • PKWARE ZIP specification
  • If you need, I can extend Mobile Pentesting with a compact “PackageInstaller session-based sideloading” note and detection heuristics, but it wasn’t necessary for this PR.


    This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

    🗑️ File Cleanup

    • searchindex.js removed: This auto-generated file has been removed to prevent conflicts.

    - Remove searchindex.js (auto-generated file)
    @carlospolop

    🔗 Additional Context

    Original Blog Post: https://shindan.io/blog/godfather-part-1-a-multistage-dropper

    Content Categories: Based on the analysis, this content was categorized under "Basic Forensic Methodology -> Specific Software/File-Type Tricks -> ZIPs tricks".

    Repository Maintenance:

    • MD Files Formatting: 878 files processed

    Review Notes:

    • This content was automatically processed and may require human review for accuracy
    • Check that the placement within the repository structure is appropriate
    • Verify that all technical details are correct and up-to-date
    • All .md files have been checked for proper formatting (headers, includes, etc.)

    Bot Version: HackTricks News Bot v1.0
