Continuing on the sharing sessions, we hosted another technical sharing session on Discord, this time delivered by VERDESEC’s own Trailbl4z3r. Titled “Peeking into Malaysia Scam APKs,” the session focused on helping participants better understand the tactics, techniques, and risks behind scam-related Android application packages that have been increasingly used to target victims.
The session attracted around 60 participants, showing strong interest in a topic that is both technically intriguing and highly relevant to everyday users. Scam APKs have become a common threat vector in Malaysia, often being used to deceive victims into installing malicious applications that imitate legitimate services or manipulate users into surrendering sensitive information. By breaking down how these scams work, the session aimed to give participants a clearer understanding of both the technical and human elements involved.
To build that understanding, the sharing covered both static analysis and dynamic analysis. Participants were introduced to the process of inspecting an APK without running it, allowing them to identify suspicious code structures, permissions, and embedded resources. The session then moved on to dynamic analysis, where the behavior of the application could be observed during execution to better understand how it interacts with the device and how malicious actions may unfold in practice.
Beyond technical analysis, the session also explored the scam lifecycle. This gave participants a broader view of how scam campaigns are designed and executed, from the initial lure all the way to the methods used to deceive victims and extract value. Looking at the full lifecycle helped connect the technical findings with the larger fraud operation behind the malicious application.
An important part of the sharing was the discussion on how to avoid getting scammed. In addition to explaining how scam APKs operate, the session highlighted practical advice that participants could apply in daily life, such as being cautious with app sources, verifying suspicious messages, and recognizing common warning signs before installing unknown applications. This made the session valuable not only from a technical learning perspective, but also from a public awareness standpoint.
Overall, the session was well received and demonstrated how cybersecurity sharing can be both educational and socially relevant.\
| Activity Details: | |
|---|---|
| Venue: | Online |
| Price: | FREE |
| Participants: | 60 |
| Level: | Intermediate |
