Modular Android malware dev kit to be released

An open source framework has emerged that allows Android malware to be built from modules that enable data to be stolen, phone calls to be eavesdropped and root exploits to be run.

The modules slashed the time and difficulty to build malware and allowed users to select from some 20 prebuilt features such as the ability to siphon contacts, emails and SD card data off phones, and force victims to dial premium calls.

Malware authors could currently select from eight pre-designed templates and insert a custom IP addresses to which siphoned obfuscated data would be delivered.

It could even pack the malware into legitimate-looking signed applications like file system explorers and games so they were ready to be uploaded to Android app stores.

But the Android Framework for Exploitation wasn’t sold on underground hacker forums: It was a product of mobile white hat mobile security experts Aditya Gupta and Subho Halder who built the platform to demonstrate security flaws in the Android operating system. 

Gupta told SC that malware which used the laundry list of features would need to seek permissions, though they would appear limited to the user. 

He said conventional malware production on this scale would take writers a long time, but would produce tens of thousands dollars in criminal profits.

“For a basic effort at writing malware, that’s not even really trying hard, you can make $10,000 a month,” Gupta said via a Skype call from India.

“You get more when you distribute this malware to the contact lists and [build botnets].”

Writers would profit from scams such as phone diallers and by running their own ad networks within the hijacked applications, which Gupta said were typically legitimate apps that had been recompiled with malicious code.

The open source framework was built on php, Ruby, bash and Python among others.

However it wasn’t all about creating malware. Gupta said the platform contained vulnerability assessment components that app designers could use to identify security holes in their apps.

Gupta has identified security flaws in dozens of Android apps and in Adobe, Microsoft and Apple products.

The framework follows a long list of proof-of-concept malware applications that could raid Android devices.

In May, security researchers built an app that remotely activated a phone's microphone to eavesdrop on conversations, while an app in a third party store was found stealing SMS bank tokens. 

Last month, a security researcher developed an application capable of installing a rootkit on the devices which could replace applications with malciious replicas.

Android consistently tops the charts as the most malware-ridden platform.

The free framework was expected to be launched in September this year.

Malware designed under the framework was capable of:

• Getting call logs
• Getting contact information
• Getting email
• Sending new text messages
• Downloading any file from the SD card
• Creating a new file on the SD card
• Viewing the browsing habits
• Creating new bookmarks
• Recording and listening to phone conversations
• Switching the phone on or off
• Running root exploits
• Capturing the screen
• Make a call to a specified number
• Capture images with camera and uploading
• Starting at boot
• Remaining undetected by all Android anti-virus
• Obfuscating network data
• Respawning after it is closed
• Accessing the GPS location
• Starting any other application installed on the phone

Copyright © SC Magazine, Australia