Security Scanner Bot
Telegram bot for mobile threat detection via VPN traffic analysis — no app installation required. Four-layer engine: port analysis, behavioral patterns, blacklist correlation (919 stalkerware domains), and JA3 TLS fingerprinting (97 malware signatures), plus Suricata IDS with ~19K rules.
Problem
A friend's phone was compromised with 26 active backdoor connections. Existing mobile security tools require app installation on the target device — impossible when the device is already compromised.
Solution
Built a Telegram bot that detects threats via VPN traffic analysis — zero installation on the target device. Four-layer detection engine: port analysis, behavioral patterns, blacklist correlation (919 stalkerware domains), JA3 TLS fingerprinting (97 malware signatures), plus Suricata IDS with ~19K rules.
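The blacklist-correlation and JA3 layers described above can be sketched as follows. This is an added example, not the bot's own code: the function names, the flow record layout, the blacklist entry and the "known bad" ClientHello are all constructed placeholders, and the port and behavioral layers are left out because the page gives no detail on them.

```python
import hashlib

# GREASE values (RFC 8701: 0x0A0A, 0x1A1A, ... 0xFAFA) are random filler a
# client adds to its ClientHello; JA3 drops them so the hash stays stable.
GREASE = {(b << 8) | b for b in range(0x0A, 0x100, 0x10)}

def ja3_string(version, ciphers, extensions, curves, point_formats):
    """JA3 input: five comma-separated fields, list values joined by '-'."""
    lists = (ciphers, extensions, curves, point_formats)
    parts = [str(version)]
    parts += ["-".join(str(v) for v in vals if v not in GREASE) for vals in lists]
    return ",".join(parts)

def ja3_hash(*hello):
    """JA3 fingerprint: MD5 hex digest of the JA3 string."""
    return hashlib.md5(ja3_string(*hello).encode()).hexdigest()

def domain_blacklisted(sni, blacklist):
    """Match the name or any parent domain, on label boundaries only."""
    labels = sni.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))

def inspect_flow(flow, blacklist, bad_ja3):
    """Return the findings for one TLS flow seen on the VPN server."""
    findings = []
    if flow.get("sni") and domain_blacklisted(flow["sni"], blacklist):
        findings.append("blacklist:" + flow["sni"])
    fingerprint = ja3_hash(*flow["hello"])
    if fingerprint in bad_ja3:
        findings.append("ja3:" + fingerprint)
    return findings

# Constructed sample data (placeholders, not the project's real lists).
BLACKLIST = {"stalker-panel.example"}
KNOWN_BAD_HELLO = (771, [49195, 49199, 156], [0, 10, 11, 35], [29, 23], [0])
BAD_JA3 = {ja3_hash(*KNOWN_BAD_HELLO)}
FLOWS = [
    # Subdomain of a blacklisted domain, unremarkable TLS stack.
    {"sni": "api.stalker-panel.example",
     "hello": (771, [0x1A1A, 4865, 4866], [0x2A2A, 0, 10, 43], [0x3A3A, 29], [0])},
    # Clean domain, but the ClientHello matches the bad one once GREASE is removed.
    {"sni": "cdn.example.org",
     "hello": (771, [0x0A0A, 49195, 49199, 156], [0, 10, 11, 35, 0xFAFA], [29, 23], [0])},
    # Look-alike name that is not a subdomain; must not match the blacklist.
    {"sni": "notstalker-panel.example", "hello": (771, [4865], [0, 43], [29], [0])},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f["sni"], inspect_flow(f, BLACKLIST, BAD_JA3) or "clean")
```

Both checks use only the TLS ClientHello (SNI and offered parameters), which a VPN endpoint sees in cleartext, so neither requires decrypting the device's traffic.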
Results & Impact
- ✓ Detected 26 active backdoor connections on first real test
- ✓ 919 stalkerware domains in blacklist database
- ✓ 97 JA3 malware fingerprints catalogued
- ✓ ~19,000 Suricata IDS rules integrated
- ✓ Built from zero to working product in 2 days