Modular Android malware dev kit to be released

Powered by SC Magazine
 

Lets writers steal contacts, SD card contents and eavesdrop with ease.

An open source framework has emerged that allows Android malware to be built from modules that enable data to be stolen, phone calls to be eavesdropped and root exploits to be run.

The modules slashed the time and difficulty to build malware and allowed users to select from some 20 prebuilt features such as the ability to siphon contacts, emails and SD card data off phones, and force victims to dial premium calls.

Malware authors could currently select from eight pre-designed templates and insert a custom IP address to which the siphoned, obfuscated data would be delivered.

It could even pack the malware into legitimate-looking signed applications like file system explorers and games so they were ready to be uploaded to Android app stores.

But the Android Framework for Exploitation wasn’t sold on underground hacker forums: it was the product of white hat mobile security experts Aditya Gupta and Subho Halder, who built the platform to demonstrate security flaws in the Android operating system.

Gupta told SC that malware which used the laundry list of features would need to request permissions, though these would appear limited to the user.

He said conventional malware production on this scale would take writers a long time, but would produce tens of thousands of dollars in criminal profits.

“For a basic effort at writing malware, that’s not even really trying hard, you can make $10,000 a month,” Gupta said via a Skype call from India.

“You get more when you distribute this malware to the contact lists and [build botnets].”

Writers would profit from scams such as phone diallers and by running their own ad networks within the hijacked applications, which Gupta said were typically legitimate apps that had been recompiled with malicious code.

The open source framework was built on PHP, Ruby, bash and Python, among others.

However it wasn’t all about creating malware. Gupta said the platform contained vulnerability assessment components that app designers could use to identify security holes in their apps.

Gupta has identified security flaws in dozens of Android apps and in Adobe, Microsoft and Apple products.

The framework follows a long list of proof-of-concept malware applications that could raid Android devices.

In May, security researchers built an app that remotely activated a phone's microphone to eavesdrop on conversations, while an app in a third party store was found stealing SMS bank tokens.

Last month, a security researcher developed an application capable of installing a rootkit on devices which could replace applications with malicious replicas.

Android consistently tops the charts as the most malware-ridden platform.

The free framework was expected to be launched in September this year.

Malware designed under the framework was capable of:

  • Getting call logs
  • Getting contact information
  • Getting email
  • Sending new text messages
  • Downloading any file from the SD card
  • Creating a new file on the SD card
  • Viewing browsing habits
  • Creating new bookmarks
  • Recording and listening to phone conversations
  • Switching the phone on or off
  • Running root exploits
  • Capturing the screen
  • Making a call to a specified number
  • Capturing images with the camera and uploading them
  • Starting at boot
  • Remaining undetected by all Android anti-virus products
  • Obfuscating network data
  • Respawning after it is closed
  • Accessing the GPS location
  • Starting any other application installed on the phone

Copyright © SC Magazine, Australia