How to create a Backdoor for Android systems


There are lots of documentation, how-to and videos today on the net to create our own backdoor for Android devices. Therefore, it’s increasingly easy to “develop” a backdoor and trojan to spy someone and thus this is extremely dangerous in the wrong hands. Once again, if we don’t want to be the victim, security awareness is too important to detect social engineering attacks and block access to malicious websites or unknown mail.

I’m going to write an easy how-to today to create a backdoor for Android devices although there are many tutorials on the net like this. Of course, I’m not responsible for any illegal activity performed by the reader because this is for education purpose only.

Step 1: We are going to create a payload .apk file from Kali Linux with the MSFvenom tool. This tool is a combination of msfpayload and msfencode, which are no longer used.

MSFvenom payload

-p = Payload to be used
LHOST = Localhost IP to receive a back connection. We have used private IP address for testing into the lab while if the victim are going to be on the Internet, LHOST should be a public IP address.
LPORT= Localhost Port on which the connection listen for the victim.
R = Raw format (We select apk).
Location = to save the file.

Step 2: Once successfully created .apk file, we have to sign the .apk file because Android devices don’t allow installing apps without the appropriately signed certificate. Therefore, we are going to sign the .apk file manually.

First, if we don’t have a valid keystore, we have to create our own keystore.

Keytool making Keystore

Second, we are going to sign the .apk file with our own key.

Signing an apk file with JARsigner

Third, we are going to align the .apk file into a new file with zipalign. It’s important to highlight that zipalign package isn’t installed by default in Kali Linux thus we’ll have to install zipaling previously with apt-get install zipalign.

Aligning the apk into new file using zipalign
 
Step 3: We have already finished with the backdoor app and it’s time for starting the listener with multi/handler exploit using Metasploit.

Starting Metasploit
 
We’ll also have to setting up the parameters for listening in the right IP address and TCP port number with a reverse TCP meterpreter:

Setting up the exploit

Finally, we run the exploit and wait for victims:

Executing the exploit

Step 4: It’s time for sharing and installing the android.apk file to the victim mobile device. If we have configure a public IP address into the apk payload, we can use the android.apk file everywhere, which is what attackers actually do. On the other hand, the way to share the android.apk file is up to you because what attackers actually do is sharing by social networks, mail, etc.

Installing the application on an Android device

Step 5: Once the App is installed into the victim mobile device, we can go back to Kali Linux to see a session meterpreter is opened, which means we have access to the mobile device.

Successfully got the meterpreter session
From a session meterpreter we can get contacts (dump_contacts), last calls (dump_calllog), upload/download files, record audio with the microphone (record_mic), even take picture or open the webcam.

Webcam Streaming
 
As we can see, it’s easy to create a backdoor for Android mobile devices. From my point of view, it’s a cyberweapon for spying that in the wrong hands, and with a little bit creativity, could be harmful for innocent people.

Regards my friends and be a good guy!

Commentaires