An open source framework has emerged that allows Android malware to be built from modules that enable data to be stolen, phone calls to be eavesdropped on and root exploits to be run.
The modules slashed the time and difficulty to build malware and allowed users to select from some 20 prebuilt features such as the ability to siphon contacts, emails and SD card data off phones, and force victims to dial premium calls.
Malware authors could currently select from eight pre-designed templates and insert a custom IP address to which siphoned, obfuscated data would be delivered.
It could even pack the malware into legitimate-looking signed applications like file system explorers and games so they were ready to be uploaded to Android app stores.
But the Android Framework for Exploitation wasn’t sold on underground hacker forums: it was a product of white hat mobile security experts Aditya Gupta and Subho Halder, who built the platform to demonstrate security flaws in the Android operating system.
Gupta told SC that malware which used the laundry list of features would need to seek permissions, though they would appear limited to the user.
He said conventional malware production on this scale would take writers a long time, but would produce tens of thousands of dollars in criminal profits.
“For a basic effort at writing malware, that’s not even really trying hard, you can make $10,000 a month,” Gupta said via a Skype call from India.
“You get more when you distribute this malware to the contact lists and [build botnets].”
Writers would profit from scams such as phone diallers and by running their own ad networks within the hijacked applications, which Gupta said were typically legitimate apps that had been recompiled with malicious code.
The open source framework was built on PHP, Ruby, bash and Python, among others.
However, it wasn’t all about creating malware. Gupta said the platform contained vulnerability assessment components that app designers could use to identify security holes in their own apps.
Gupta has identified security flaws in dozens of Android apps and in Adobe, Microsoft and Apple products.
The framework follows a long list of proof-of-concept malware applications that could raid Android devices.
In May, security researchers built an app that remotely activated a phone's microphone to eavesdrop on conversations, while an app in a third-party store was found stealing SMS bank tokens.
Last month, a security researcher developed an application capable of installing a rootkit on the devices which could replace applications with malicious replicas.
Android consistently tops the charts as the most malware-ridden platform.
The free framework was expected to be launched in September this year.
Malware designed under the framework was capable of:
Copyright © SC Magazine, Australia