Overview
Syllabus
Intro
Repackaging an app and using custom ads
What is a click fraud malware?
Click fraud for everything
Step 1: download and execute exploits
Step 2: enable accessibility services you
Account creation
Phone numbers are supplied by the C&C
Code injection
to get the CAPTCHA image...
and solve it...
and hook internal methods...
and hook a bit more
Obfuscation: DES
Persistence (1): writing to install-recovery.sh
Persistence (II): installing apps in /system
Persistence (1ll): framework modification
Persistence (IV): injecting into
Persistence summary
Timeline of the author's creations
Taught by
Hack In The Box Security Conference