BZub.CX Malware Reversing

Android banker-malware education framework. 4 specimen APKs (0/75 VT), 95 detection rules, 8,300+ lines of red/blue analysis covering 17 banker families.

Android overlay attack & SMS OTP stealer PoC using AccessibilityService — security research only

In-depth malware research report analyzing TrickBot's evolution from a banking trojan to a modular threat tool used in ransomware campaigns. Covers threat actor attribution, MITRE ATT&CK mapping, propagation techniques, and defensive strategies.

Free Module 1: An educational Android security lab demonstrating how modern banking trojans steal credentials using fake system update notifications and full-screen phishing overlays. Includes a Kotlin Android app and a Python Flask C2 dashboard for real-time exfiltration. For research and defense analysis only.

Detection-as-code for three BFSI-targeting banking trojans (Banana RAT/SHADOW-WATER-063, TrickMo/Coper, TCLBANKER): Sigma + Microsoft Sentinel (KQL) + Google SecOps (YARA-L) rules, IOCs with GTI verdicts, and MITRE ATT&CK coverage.

Static, dynamic, and network-based analysis of a 2013 Zeus Banking Trojan variant — PE analysis, IDA Pro disassembly, live execution monitoring, IOC extraction, and YARA rule development.