Costin Canciu
Nov 6, 2021

How I built an Android Spyware using Ruby on Rails and Metasploit

Last year I had to present my dissertation paper and I chose to build a spyware tool for Android devices. I got a lot of requests to document the installation process, so feel free to check it out if you are passionate about hacking.

Disclaimer

This software is for educational purposes only. Using the tool to spy on real devices is strictly illegal. USE THE SOFTWARE AT YOUR OWN RISK. THE AUTHOR ASSUMES NO RESPONSIBILITY FOR YOUR USAGE.

We strongly recommend that you have coding and Docker knowledge. Do not hesitate to read the source code and understand the mechanism of the tool.

The tool, which is for educational use only, spawns a command-and-control web GUI, built around Metasploit and ADB, for spying on Android devices.

The tool:

  • Uses Docker containers to simulate a Kali Linux environment with the Metasploit Framework
  • Uses RPC calls to communicate with the Metasploit Framework API
  • Uses ADB to install the payload on the target device and to implement additional functionality (the device must be on the same LAN)

Installation

For installation you will need Docker and Chocolatey. Since the application depends on many third-party tools, Docker helps deliver the solution without the burden of downloading and configuring all the necessary packages.

All the installation steps are available on my GitHub: https://github.com/CanciuCostin/android-spyware

Once you’ve installed and started the app, you will be able to initiate different actions such as:

  • taking camera pictures
  • dumping contacts, phone calls and messages
  • accessing the file system

Don’t hesitate to contact me if you have any questions on how to test the tool.