Android banker-malware education framework. 4 specimen APKs (0/75 VT), 95 detection rules, 8,300+ lines of red/blue analysis covering 17 banker families.
Updated May 15, 2026 - Kotlin
Android overlay attack & SMS OTP stealer PoC using AccessibilityService — security research only
In-depth malware research report analyzing TrickBot's evolution from a banking trojan to a modular threat tool used in ransomware campaigns. Covers threat actor attribution, MITRE ATT&CK mapping, propagation techniques, and defensive strategies.
Detection-as-code for three BFSI-targeting banking trojans (Banana RAT/SHADOW-WATER-063, TrickMo/Coper, TCLBANKER): Sigma + Microsoft Sentinel (KQL) + Google SecOps (YARA-L) rules, IOCs with GTI verdicts, and MITRE ATT&CK coverage.
Free Module 1: An educational Android security lab demonstrating how modern banking trojans steal credentials using fake system update notifications and full-screen phishing overlays. Includes a Kotlin Android app and a Python Flask C2 dashboard for real-time exfiltration. For research and defense analysis only.
Static, dynamic, and network-based analysis of a 2013 Zeus Banking Trojan variant — PE analysis, IDA Pro disassembly, live execution monitoring, IOC extraction, and YARA rule development.