Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      dEEpEst

      How to trojan for android

      Recommended Posts

      Staff

      ATTENTION! All information is provided for informational purposes only. The author is not responsible for any possible harm caused by the materials of this post!

       

      Android is usually called the hotbed of malware. Every day more than 8 thousand new samples of viruses are detected here. And these figures are constantly growing.

      But did you ever wonder how these malicious programs work? Today we will deal with this by studying an Android application that can collect information about the device, its location, take photos and record audio. And all this with remote control.

       

      How to write a Trojan on Android

       

      So, our goal is to understand how modern malicious applications work. And the best way to do this is to see how a similar software is created. Like the combat Trojan, our example will, if desired, be able to monitor and transmit information about the target device to the server.

       

      The Trojan's capabilities will be as follows:

       

      - Collecting the location information;

      - getting the list of installed applications;

      - Receiving SMS;

      - recording of audio;

      - shooting back or front camera.

       

      All this data our application will send to a remote server, where we can analyze the results of its work.

       

      For obvious reasons, I can not give the full code of the application in the article, so you have to perform some tasks yourself (this will require some knowledge in the development of applications for Android).

       

      Skeleton

       

      At this stage, the task is as follows: create an application with an empty (or just innocuous) interface. Immediately after launch, the application will hide its icon, start the service and finish (the service will continue to work).

       

      Let's start. Create an application by using the following permissions in the manifest:

       

      Hidden Content

        Give reaction to this post to see the hidden content.

       

      In the "build.gradle", specify "compileSdkVersion 22" and "targetSdkVersion 22". So you save the application from having to ask for permissions while running (22 is Android 5.1, the required permission request appeared in 23 - Android 6.0, but the application will work in any version).

      Now create an empty Activity and Service. Add the line "return Service.START_STICKY" to the "onStartCommand" method of the service. This will cause the system to restart it in the event of an inadvertent termination.

      Add their description to the manifest (hereinafter our application will be called

      Hidden Content

        Give reaction to this post to see the hidden content.
      ):

       

      Hidden Content

        Give reaction to this post to see the hidden content.

       

      This code will launch the service immediately after the application is launched and disable the activity. The side effect of the last action will be the completion of the application and the disappearance of the icon from the launcher. The service will continue to work.

       

      Part 2 We

       

      continue to write our own Trojan on Android. In the first part, we described how to create a trojan shell - now we need to add code to the service that will collect the information we are interested in.

       

      Let's start by locating. In Android there are several ways to get the current coordinates of the device: GPS, on the cellular towers, on WiFi-routers. And you can work with each of them in two ways: either ask the system to determine the current location and call our callback at the end of the operation, or ask the OS about which coordinates were received the last time (as a result of requests for location from other applications, for example) .

       

      In our case, the second method is much more convenient. It is fast, absolutely invisible to the user (does not lead to the appearance of an icon in the status bar) and does not eat a battery. In addition, it is very simple to use:

       

      Hidden Content

        Give reaction to this post to see the hidden content.

       

      This function asks the system about the latest coordinates obtained by positioning on the cell towers and GPS, then takes the freshest data and returns them in the form of the Location object.

      Then you can extract latitude and longitude and write them to a file inside the private directory of our application:

       

      Hidden Content

        Give reaction to this post to see the hidden content.

       

      When it's time to send data to the server, we'll just give it this and the other files.

       

      Part 3

       

      List of installed applications

       

      Get the list of installed applications even easier:

       

      Hidden Content

        Give reaction to this post to see the hidden content.

       

      The method gets a list of all the applications and saves it to the apps file inside the application's private directory.

       

      Part 4

       

      Dump CMC is

       

      already more complicated. To get a list of all saved SMS, we need to connect to the database and go through it in search of the necessary records. Code that allows to dump all SMS to a file:

       

      Hidden Content

        Give reaction to this post to see the hidden content.

       

      It should be used like this:

       

      Hidden Content

        Give reaction to this post to see the hidden content.

       

      Part 5

       

      Hidden audio recording

       

      Record audio from the microphone using the "MediaRecorder API". It is enough to transfer the parameters of the record to it and run it using the "start ()" method. Stop the recording using the "stop ()" method. The following code demonstrates how to do this. In this case, we use a separate sleep thread that wakes up after a specified timeout and stops the record:

       

      Hidden Content

        Give reaction to this post to see the hidden content.

       

      This code will make a 15-second entry and put it in the audio-DATE-AND-TIME file.3gp.

       

      Part 6

       

      Hidden Shooting

       

      The camera is the hardest. First, it's good to be able to work with two APIs at once: classic and Camera2, which appeared in Android 5.0 and became the main one in 7.0. Secondly, the API Camera2 often works incorrectly in Android 5.0 and even in Android 5.1, you need to be ready for this. Third, Camera2 is a complex and confusing API based on callbacks that are called when the camera state changes. Fourthly, neither in the classic camera API, nor in Camera2 is there any means for hidden shooting. They both require you to show previews, and this limitation will have to be bypassed with hacks.

      Considering that it's much more difficult to work with Camera2, and it's impossible to describe the nuances of working with it in the framework of this article, I'll just bring all the class code for a hidden survey. And you can either use it as is, or try to deal with it yourself (but I warn you: you will go to hell):

       

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post


      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.