Modular Android malware dev kit to be released


Lets writers steal contacts, SD card contents and eavesdrop with ease.

An open source framework has emerged that allows Android malware to be built from modules that enable data to be stolen, phone calls to be eavesdropped and root exploits to be run.

The modules slashed the time and difficulty to build malware and allowed users to select from some 20 prebuilt features such as the ability to siphon contacts, emails and SD card data off phones, and force victims to dial premium calls.

Malware authors could currently select from eight pre-designed templates and insert a custom IP address to which siphoned, obfuscated data would be delivered.

It could even pack the malware into legitimate-looking signed applications like file system explorers and games so they were ready to be uploaded to Android app stores.

But the Android Framework for Exploitation wasn’t sold on underground hacker forums: it was a product of white hat mobile security experts Aditya Gupta and Subho Halder, who built the platform to demonstrate security flaws in the Android operating system.

Gupta told SC that malware which used the laundry list of features would need to seek permissions, though they would appear limited to the user.


He said conventional malware production on this scale would take writers a long time, but would produce tens of thousands of dollars in criminal profits.

“For a basic effort at writing malware, that’s not even really trying hard, you can make $10,000 a month,” Gupta said via a Skype call from India.

“You get more when you distribute this malware to the contact lists and [build botnets].”

Writers would profit from scams such as phone diallers and by running their own ad networks within the hijacked applications, which Gupta said were typically legitimate apps that had been recompiled with malicious code.

The open source framework was built on PHP, Ruby, bash and Python, among others.

However it wasn’t all about creating malware. Gupta said the platform contained vulnerability assessment components that app designers could use to identify security holes in their apps.

Gupta has identified security flaws in dozens of Android apps and in Adobe, Microsoft and Apple products.

The framework follows a long list of proof-of-concept malware applications that could raid Android devices.

In May, security researchers built an app that remotely activated a phone's microphone to eavesdrop on conversations, while an app in a third party store was found stealing SMS bank tokens.

Last month, a security researcher developed an application capable of installing a rootkit on the devices which could replace applications with malicious replicas.

Android consistently tops the charts as the most malware-ridden platform.

The free framework was expected to be launched in September this year.

Malware designed under the framework was capable of:

  • Getting call logs
  • Getting contact information
  • Getting email
  • Sending new text messages
  • Downloading any file from the SD card
  • Creating a new file on the SD card
  • Viewing the browsing habits
  • Creating new bookmarks
  • Recording and listening to phone conversations
  • Switching the phone on or off
  • Running root exploits
  • Capturing the screen
  • Making a call to a specified number
  • Capturing images with the camera and uploading them
  • Starting at boot
  • Remaining undetected by all Android anti-virus
  • Obfuscating network data
  • Respawning after it is closed
  • Accessing the GPS location
  • Starting any other application installed on the phone

Copyright © SC Magazine, Australia
