IOC path detected
Hello folks, conducting new research with Avilla Forensics 3.8 and IPED, two Brazilian open source software tools, I found that this attacker reached me and saved a few screenshots, which ended up in my private folder in WhatsApp. Are there any other IOC paths ever reported? com.whatsapp/WhatsApp/Media/WhatsApp Images/Private (detected only after data extraction)
I supposed he used ScrollCaptureRemoteService and remote_submix for audio capture, but I am still researching.
06-15 18:24:28.095 D/SmartCapture( 2901): onInputEvent: ACTION_DOWN
06-15 18:24:28.095 D/SmartCapture( 2901): showFloatingBar: reason=0
06-15 18:24:28.095 D/SmartCapture( 2901): onCreate
06-15 18:24:28.110 D/SmartCapture( 2901): showFloatingBar
06-15 18:24:28.111 D/SmartCapture( 2901): onResume
06-15 18:24:28.113 D/SmartCapture( 2901): onStart
06-15 18:24:28.113 D/SmartCapture( 2901): onWindowFocusChanged: hasFocus=true
06-15 18:24:28.117 D/SmartCapture( 2901): onSaveInstanceState
06-15 18:24:28.118 D/SmartCapture( 2901): onPause
06-15 18:24:28.119 D/SmartCapture( 2901): onStop
06-15 18:24:28.119 D/SmartCapture( 2901): onDestroy
Very fast, so it cannot be reached by antivirus.
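For triaging logcat excerpts like the one quoted in the post, the following added example (not part of the original post, and not code from Avilla Forensics or IPED) parses the lines and measures how long each SmartCapture activity lived between onCreate and onDestroy. The function names, the placeholder year and the 1000 ms threshold are assumptions made for illustration.

```python
import re
from datetime import datetime

# Log excerpt quoted in the post (logcat "time" format, which has no year).
SAMPLE = """\
06-15 18:24:28.095 D/SmartCapture( 2901): onInputEvent: ACTION_DOWN
06-15 18:24:28.095 D/SmartCapture( 2901): showFloatingBar: reason=0
06-15 18:24:28.095 D/SmartCapture( 2901): onCreate
06-15 18:24:28.110 D/SmartCapture( 2901): showFloatingBar
06-15 18:24:28.111 D/SmartCapture( 2901): onResume
06-15 18:24:28.113 D/SmartCapture( 2901): onStart
06-15 18:24:28.113 D/SmartCapture( 2901): onWindowFocusChanged: hasFocus=true
06-15 18:24:28.117 D/SmartCapture( 2901): onSaveInstanceState
06-15 18:24:28.118 D/SmartCapture( 2901): onPause
06-15 18:24:28.119 D/SmartCapture( 2901): onStop
06-15 18:24:28.119 D/SmartCapture( 2901): onDestroy
"""

LINE_RE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) ([VDIWEF])/([^(]+?)\(\s*(\d+)\): (.*)$")

def parse(text, year=2000):
    """Yield (timestamp, tag, pid, message); year is a placeholder (assumption)."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year}-{m.group(1)}", "%Y-%m-%d %H:%M:%S.%f")
            yield ts, m.group(3).strip(), int(m.group(4)), m.group(5)

def activity_lifetimes(text, tag="SmartCapture"):
    """Pair each onCreate with the next onDestroy of the same PID."""
    open_since, sessions = {}, []
    for ts, t, pid, msg in parse(text):
        if t != tag:
            continue
        if msg == "onCreate":
            open_since[pid] = ts
        elif msg == "onDestroy" and pid in open_since:
            ms = round((ts - open_since.pop(pid)).total_seconds() * 1000)
            sessions.append({"pid": pid, "end": ts, "ms": ms})
    return sessions

def short_lived(text, max_ms=1000):
    """Sessions at or under max_ms (threshold is an assumption, tune per device)."""
    return [s for s in activity_lifetimes(text) if s["ms"] <= max_ms]

if __name__ == "__main__":
    for s in short_lived(SAMPLE):
        print(f"pid {s['pid']} ended {s['end']:%m-%d %H:%M:%S.%f} lived {s['ms']} ms")
```

The session end times it reports can be compared against the modification times of the files in the image folder recovered during extraction.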