Android Botnet “DENDROID”
A botnet is a collection of Internet-connected programs that communicate with other similar programs to perform tasks, and that can be controlled from anywhere by remotely accessing a panel on the server. The tasks can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or they can include sending spam email, participating in distributed denial-of-service attacks, mining cryptocurrency and stealing information. The term is usually used with a negative or malicious connotation.
“Dendroid” is a botnet developed specifically for attacking Android users. Its functionality includes:
- Media volume up/down
- Ringer volume up/down
- Screen On (turns the screen on remotely)
- Record Calls
- Block SMS
- Record Audio
- Take Video
- Take Photo
- Send Text
- Send Contacts
- Get user accounts (gets the user accounts that are being used on that mobile)
- Call Number
- Delete Call Logs
- Open Webpage
- Update the app
- Delete Files (audio, video, pictures, calls)
- Get Browser History
- Get Browser Bookmarks
- Get Call History
- Open Dialog Box
- Get Inbox SMS
- HTTP flood (makes the phone slow by sending a large number of HTTP requests)
CERT-IN WARNING ON DENDROID
The Indian Computer Emergency Response Team (CERT-In) warned about a currently active Dendroid malware campaign that is spreading across India, targeting Android users. (Note that the botnet is specifically targeting Indian users.)
"It has been reported that a malicious toolkit called DENDROID is being used to create trojanized applications that infects Android-based Smartphones. The malware is created by modifying the required permissions by any clean APK (Android Application Package) with Dendroid RAT functionality that allows detailed management of the infected devices," the Computer Emergency Response Team of India (CERT-In) said in its latest advisory. The botnet was discovered by Symantec researchers.
This is what the botnet's panel looks like:
Android SDK with Eclipse (Java RE 7 is needed)
Web server with PHP, MySQL and ionCube Loader (VPS or free web hosting)
phpMyAdmin (for easy database setup), on localhost or a web host
Download these necessary files from here
Extract those files into a new folder and copy them to the domain's root directory, or to htdocs on the local system. The files can be uploaded to the server using FileZilla or the file manager. You then have to set the permissions for the files to 777; on Linux hosting and VPSs this can be done with the chmod command.
Open the panel folder and you will see multiple PHP files. Change the server URL in them to your web host URL or IP address, as shown in the picture, for reg.php, applysettings.php, blockbot.php, deletebot.php, deletefile.php, deletepics.php, functions.php and table.php.
Now create a database with full rights in cPanel and go to phpMyAdmin. (For cPanel, create a new DB and then click the phpMyAdmin icon. *Note: write down the server IP or name listed for the database.*) Keep a note of the password, because you need to enter the database user name and password while configuring the panel. If you enter the password incorrectly, the database won't be able to update the botnets and it won't work. After creating the database, go to Import and import the SQL file in the otherfiles folder, which is located in panel.zip.
After that, go to the panel by navigating to the domain name that you gave in your PHP files (usually the domain link). The panel configuration page will open; fill in the username and password details of the database and panel as needed.
After that, open Eclipse and import the project files of the Dendroid APK, then change the panel URL and password. They must be the same as you gave in the step above, but you have to encode them with Base64 (an encoding, not encryption); this can be done using this site: https://www.base64encode.org/
After that, compile the files into an APK; you can find it in the build path, located in the bin folder. That APK can be used directly or it can be bound with other apps to hide it. Once installed, the app appears under a fake name. Once the victim installs the APK, the phone is compromised and you can control it through the panel.
You can see the victim in the panel; after that you can select the bot and perform the tasks you require.
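Because the panel URL is only Base64-encoded inside the APK, an analyst can recover it from a suspicious app's strings and use it as a network indicator. The following is an added example, not code from the original tutorial or from Dendroid; the sample bytes and the `panel.example.invalid` URL are constructed placeholders.

```python
import base64
import binascii
import re

# A run of Base64 characters long enough to hold a short URL (16+ chars).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")


def find_encoded_urls(blob: bytes) -> list[str]:
    """Return http(s) URLs stored as Base64 string constants inside blob."""
    urls = []
    for match in B64_RUN.finditer(blob):
        token = match.group()
        # A neighbouring byte (e.g. a length prefix) may itself be a Base64
        # character, so try each of the four possible alignments.
        for start in range(4):
            chunk = token[start:]
            chunk = chunk[: len(chunk) - len(chunk) % 4]
            try:
                decoded = base64.b64decode(chunk, validate=True)
            except (binascii.Error, ValueError):
                continue
            if decoded.startswith((b"http://", b"https://")):
                # Keep only the printable prefix of the decoded bytes.
                url = re.match(rb"[\x21-\x7e]+", decoded).group().decode("ascii")
                if url not in urls:
                    urls.append(url)
    return urls


# Constructed sample standing in for the strings section of a suspicious APK.
# The panel URL is a placeholder; "0" imitates a length byte glued to the run.
SAMPLE = (
    b"\x00Landroid/app/Service;\x000"
    + base64.b64encode(b"http://panel.example.invalid/")
    + b"\x00"
    + base64.b64encode(b"not a url at all")
    + b"\x00"
)

if __name__ == "__main__":
    for url in find_encoded_urls(SAMPLE):
        print("decoded URL constant:", url)
```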
Countermeasures to prevent this malware
- Install applications downloaded from reputed app stores only.
- Keep updating your mobile anti-virus and firewall solution to protect your device from malware and cyber attacks.
- Always check an application's permissions before installing it.
- Never install third-party software before verifying it.
This tutorial is made for educational purposes only, to create awareness about the malware, and I am not responsible for what you do with this knowledge.
For more details, or if you have any doubts, comment here and I will help you.
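The CERT-In advisory describes trojanized apps as clean APKs with modified permissions, so the permission check can be done as a diff between the original app's manifest and a suspect copy. The following is an added example, not code from the original page or from any Dendroid sample; it assumes text-form manifests (as produced by an APK decoder), and the capability-to-permission mapping and the two sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities from the feature list above -> the Android permission each needs.
# The mapping is this example's assumption, not read from a Dendroid sample.
CAPABILITY_PERMS = {
    "Record Audio / Record Calls": "android.permission.RECORD_AUDIO",
    "Take Photo / Take Video": "android.permission.CAMERA",
    "Send Text": "android.permission.SEND_SMS",
    "Block SMS": "android.permission.RECEIVE_SMS",
    "Get Inbox SMS": "android.permission.READ_SMS",
    "Send Contacts": "android.permission.READ_CONTACTS",
    "Get user accounts": "android.permission.GET_ACCOUNTS",
    "Call Number": "android.permission.CALL_PHONE",
    "Get Call History": "android.permission.READ_CALL_LOG",
    "Delete Call Logs": "android.permission.WRITE_CALL_LOG",
    "Get Browser History / Bookmarks":
        "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
}


def requested_permissions(manifest_xml: str) -> set[str]:
    """Collect android:name from every <uses-permission> in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}


def added_capabilities(clean_xml: str, suspect_xml: str) -> list[str]:
    """Capabilities whose permission the suspect copy requests but the clean app does not."""
    added = requested_permissions(suspect_xml) - requested_permissions(clean_xml)
    return sorted(cap for cap, perm in CAPABILITY_PERMS.items() if perm in added)


def manifest(*perms: str) -> str:
    """Build a constructed, text-form manifest requesting the given permissions."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.flashlight">{uses}</manifest>')


# Constructed sample: a flashlight app and a repackaged copy of it.
CLEAN = manifest("CAMERA")
SUSPECT = manifest("CAMERA", "INTERNET", "RECORD_AUDIO", "READ_SMS", "SEND_SMS", "READ_CONTACTS")

if __name__ == "__main__":
    print(added_capabilities(CLEAN, SUSPECT))
```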