this project is a security proof of concept that shows the ability of simple android SDK features to implement a Malware feature set on Android phones.
Note: This program is not intended to be stealthy or use bugs in the androind OS/SDK to hid the application or the install of it. This software should not be used in the wild, or without the express concent of the device owner/operator
The Android Malware Example demonstrates the following abilites:
-
Using a Command and Control server to send commands to the device
-
Use of encryption for the following:
-
SSL communications with the server
-
SSL certificate validation to prevent SSL MiTM attacks
-
encrypt files before sending to the server
-
Ransomware feature to encrypt files on the device SD card
-
Background service which restarts on phone boot
-
SMS listener for inbound command activation
-
The following Malware Features are implemented and send thier data to the CNC Server
-
Get Wifi Network information
-
Get Phone information
-
Get Accounts configured on the device
-
Get all Contacts on the phone
-
Get the Phone Logs
-
Get SMS Logs
-
Get Bluetooth device information
-
Get System Logs
-
Get GPS Location
-
Get list of files on the SD Card
-
Send a File from the device to the CNC Server
-
Download a file from a URL and place it on the phone.
-
Encrypt/Decrypt all files on the SD card with a password (Ransomware)
-
Record audio on the device
-
Get list of installed Applications.
-
Send and SMS message to a phone number.
-
Configure a delay to check back with the CNC server
-
The following features are not implemented due to recent changes in the SDK which prevent them
-
access to browser history via the SDK
-
SDK access to the Camera in a way which hides the UI and takes a picture