Monday, 06 August 2012

Experts Demonstrate Security Holes in Android with Exploitation Framework


XYSEC Labs security experts Aditya Gupta and Subho Halder have developed the Android Framework for Exploitation (AFE), an open source project that’s meant to demonstrate the existence of security holes in the popular mobile operating system.

According to the researchers, the framework can be easily utilized to create malware and botnets, find vulnerabilities, use exploits, gain access to apps, steal sensitive data, and execute arbitrary commands on infected devices.

“Most of the part of the framework has been built in Python, however there are other languages involved as well,” Gupta told Softpedia in an email.

“For the start, we have built some pre-defined templates, in which the malware services could be injected, and the apk would be built. We have kept in mind that, it should be easy to use. The user just needs to input his local IP, and the features he would like to have in his malware, and just build it. That’s it. No programming needed,” he explained.

Recently, a wave of spam messages received by Android users caused a lot of buzz in the security community, with many professionals pointing the finger at the first-ever Android botnet.

It later turned out that it wasn’t the case, but with the Android Framework for Exploitation the experts want to demonstrate that an Android botnet is certainly possible.

AFE’s botnet module includes options that allow the malicious element to remain hidden from the victim, the capability of re-launching itself in case of a crash, and an automatic startup feature on device boot.

The project is open source because the experts want to allow other developers to pitch in their ideas and enhance AFE’s capabilities.

AFE is constantly being improved by Gupta and Halder, but after its public release in September, the experts are counting on the community’s support in making the framework as complex as possible.

Via: Experts Demonstrate Security Holes in Android with Exploitation Framework
