Lee Wei Yeong

Oct 15, 2024 | arxiv.org | Lee Wei Yeong

Jan 12, 2024 | unit42.paloaltonetworks.com | Lee Wei Yeong |Zhanhao Chen |Yang Ji |Qi Deng

This post is also available in: 日本語 (Japanese)Executive SummaryDuring our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. Our research revealed a family of malicious APKs targeting Chinese users that steals victim information and conducts financial fraud.

Oct 6, 2023 | unit42.paloaltonetworks.com | Lee Wei Yeong |Xingjiali Zhang |Yang Ji |Wenjun Hu

This post is also available in: 日本語 (Japanese)Executive SummaryOne of the biggest challenges we face in analyzing Android application package (APK) samples at scale is the diversity of Android platform versions that malware authors use. When trying to utilize static and dynamic analysis techniques in the malware detection space, the sheer variety of platform versions can feel overwhelming.

Jun 15, 2023 | unit42.paloaltonetworks.com | Yang Ji |Wenjun Hu |Lee Wei Yeong |Xingjiali Zhang

Unit 42 researchers have observed a surge of malware written for the Android platform that is attempting to impersonate the popular ChatGPT application. These malware variants emerged along with the release by OpenAI of GPT-3.5, followed by GPT-4, infecting victims interested in using the ChatGPT tool. Here, we provide an in-depth analysis of two types of currently active malware clusters. The first cluster is a Meterpreter Trojan disguised as a "SuperGPT" app.