Jump to content

How to trojan for android


dEEpEst
 Share

Recommended Posts

ATTENTION! All information is provided for informational purposes only. The author is not responsible for any possible harm caused by the materials of this post!

 

Android is usually called the hotbed of malware. Every day more than 8 thousand new samples of viruses are detected here. And these figures are constantly growing.

But did you ever wonder how these malicious programs work? Today we will deal with this by studying an Android application that can collect information about the device, its location, take photos and record audio. And all this with remote control.

 

How to write a Trojan on Android

 

So, our goal is to understand how modern malicious applications work. And the best way to do this is to see how a similar software is created. Like the combat Trojan, our example will, if desired, be able to monitor and transmit information about the target device to the server.

 

The Trojan's capabilities will be as follows:

 

- Collecting the location information;

- getting the list of installed applications;

- Receiving SMS;

- recording of audio;

- shooting back or front camera.

 

All this data our application will send to a remote server, where we can analyze the results of its work.

 

For obvious reasons, I can not give the full code of the application in the article, so you have to perform some tasks yourself (this will require some knowledge in the development of applications for Android).

 

Skeleton

 

At this stage, the task is as follows: create an application with an empty (or just innocuous) interface. Immediately after launch, the application will hide its icon, start the service and finish (the service will continue to work).

 

Let's start. Create an application by using the following permissions in the manifest:

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

In the "build.gradle", specify "compileSdkVersion 22" and "targetSdkVersion 22". So you save the application from having to ask for permissions while running (22 is Android 5.1, the required permission request appeared in 23 - Android 6.0, but the application will work in any version).

Now create an empty Activity and Service. Add the line "return Service.START_STICKY" to the "onStartCommand" method of the service. This will cause the system to restart it in the event of an inadvertent termination.

Add their description to the manifest (hereinafter our application will be called

Hidden Content

    Give reaction to this post to see the hidden content.
):

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

This code will launch the service immediately after the application is launched and disable the activity. The side effect of the last action will be the completion of the application and the disappearance of the icon from the launcher. The service will continue to work.

 

Part 2 We

 

continue to write our own Trojan on Android. In the first part, we described how to create a trojan shell - now we need to add code to the service that will collect the information we are interested in.

 

Let's start by locating. In Android there are several ways to get the current coordinates of the device: GPS, on the cellular towers, on WiFi-routers. And you can work with each of them in two ways: either ask the system to determine the current location and call our callback at the end of the operation, or ask the OS about which coordinates were received the last time (as a result of requests for location from other applications, for example) .

 

In our case, the second method is much more convenient. It is fast, absolutely invisible to the user (does not lead to the appearance of an icon in the status bar) and does not eat a battery. In addition, it is very simple to use:

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

This function asks the system about the latest coordinates obtained by positioning on the cell towers and GPS, then takes the freshest data and returns them in the form of the Location object.

Then you can extract latitude and longitude and write them to a file inside the private directory of our application:

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

When it's time to send data to the server, we'll just give it this and the other files.

 

Part 3

 

List of installed applications

 

Get the list of installed applications even easier:

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

The method gets a list of all the applications and saves it to the apps file inside the application's private directory.

 

Part 4

 

Dump CMC is

 

already more complicated. To get a list of all saved SMS, we need to connect to the database and go through it in search of the necessary records. Code that allows to dump all SMS to a file:

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

It should be used like this:

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Part 5

 

Hidden audio recording

 

Record audio from the microphone using the "MediaRecorder API". It is enough to transfer the parameters of the record to it and run it using the "start ()" method. Stop the recording using the "stop ()" method. The following code demonstrates how to do this. In this case, we use a separate sleep thread that wakes up after a specified timeout and stops the record:

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

This code will make a 15-second entry and put it in the audio-DATE-AND-TIME file.3gp.

 

Part 6

 

Hidden Shooting

 

The camera is the hardest. First, it's good to be able to work with two APIs at once: classic and Camera2, which appeared in Android 5.0 and became the main one in 7.0. Secondly, the API Camera2 often works incorrectly in Android 5.0 and even in Android 5.1, you need to be ready for this. Third, Camera2 is a complex and confusing API based on callbacks that are called when the camera state changes. Fourthly, neither in the classic camera API, nor in Camera2 is there any means for hidden shooting. They both require you to show previews, and this limitation will have to be bypassed with hacks.

Considering that it's much more difficult to work with Camera2, and it's impossible to describe the nuances of working with it in the framework of this article, I'll just bring all the class code for a hidden survey. And you can either use it as is, or try to deal with it yourself (but I warn you: you will go to hell):

 

Hidden Content

    Give reaction to this post to see the hidden content.

Link to comment
Share on other sites

  • 3 months later...
Guest
This topic is now closed to further replies.
 Share

Chat Room

Chat Room

Chatroom Rules

No support in chat, open a thread.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.