DroidJack – A Quick Look at an Android RAT

DroidJack is a Remote Administration Tool (RAT) that can build and bind Android Packages (APK) for installation on any Android device. This RAT can be found at droidjack.net and offers many features. The RAT sells for a one-time charge of $200, which comes with lifetime access to all future updates. A few of the features include: File Voyager, SMS Trekker, Call Manager, Contacts Browser, Remote Eyes, Remote Ears, GPS Locator, Message Toaster and App Manager.


Most of the features are self-explanatory, such as Remote Eyes, which lets you take pictures and videos from the front or rear camera. File Voyager allows you to browse all files on the device and on the SD card. Options for File Voyager include: deleting, modifying and removing files. SMS Trekker can delete, read, write and send SMS messages. Call Manager can read and delete call logs as well as make calls and record calls. Contacts Browser can read, write, delete, and add contacts. Remote Ears can listen and record from the microphone at any time. GPS Locator can get previous location data as well as current GPS coordinates. Message Toaster can send a message to the screen of the Android device. App Manager can read, open and delete applications. All of these options are easily accessible using the DroidJack Graphical User Interface (GUI).

After launching DroidJack, you are presented with the DroidJack GUI. There are a few different tabs located at the top: Devices, Generate APK, Theme, About, and Lounge. The tabs used in this exercise are the Devices and Generate APK tabs. To generate an APK, you click on the Generate APK tab and then fill in the following information: App Name, File Name, Dynamic DNS, and Port Number. There is also an advanced options section that offers encryption and checkboxes to turn off features such as File Voyager or SMS Trekker. Furthermore, there is a checkbox to activate stealth mode, which hides the app on the device. You can also hide or bind this RAT to another APK file. After filling out this information, you can click the Generate button to generate the APK file.


To install the APK file on an Android device, send the APK file to the device and then open the file. You will then be prompted to install the APK file. If you do not have allow Unknown Sources checked in the settings, you will receive a message stating the app was not installed because it was not from the Google Play Store. So here’s where the issue lies if you side load applications. Side loading is a method to install applications that do not come from the Google Play Store. If the allow Unknown Sources box is already checked, the application installs as if it were any other app. If the user does not check the allow Unknown Sources box, the application will not install. In the real world, this would take some social engineering to get the RAT installed on the user’s device, as it would take some coercing to get the user to check the allow Unknown Sources box if they hadn’t already.

After the application is installed, you can open the app. The app opens and then disappears, never to be seen again. If the stealth mode option was selected when generating the APK, the application will not show in the launcher menu. After the app has been opened once, it starts to talk back to the DroidJack server. In order for the server to listen for new devices, the Reception icon must be set to “On.” After a few seconds, a notification is received stating that a new device has joined DroidJack.

At this point, we can do everything mentioned above including turning on the cameras, recording audio, deleting apps and sending SMS messages. Now it’s time to see if there are any apps in the Google Play Store that can detect DroidJack.

I downloaded a handful of security products to run against the device to see if they would pick up the RAT. I used AVG, Norton, Avast, and Kaspersky and, guess what, every single application detected the RAT. I’m not sure what percent of the Android community installs antivirus (AV) applications on their devices, but if they did, they would have been able to stop this attack. Free versions of the products listed above were able to detect the RAT as malware within seconds of starting a scan. When downloading the RAT, Avast was the only AV app to notify the user that it was malicious and asked to remove/block the app from the device.

In conclusion, DroidJack did exactly what it said it could do by installing and reporting information back to the server. I tested a few functions by recording audio and video, deleting applications, sending a toast message, and using the GPS features, which all worked surprisingly well. Overall it was easy to install the RAT, but at the same time, if the allow Unknown Software box was not checked there were a few more hoops to jump through, which I assume (hope) most users would not do. I was very happy to learn that the AV apps I tested detected and removed the RAT from the device.

Take-aways: If you use Android

1. Install an AV app
2. Do not check the allow Unknown Sources checkbox.
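For auditing a device you own for the two traits described above (side-loaded installs and apps hidden from the launcher), here is an added example that is not part of the original post. It parses the output of `adb shell pm list packages -3 -i` and cross-checks it against a list of launcher components; the package names and sample outputs are constructed, and the one-`package/activity`-per-line launcher format is an assumption.

```python
import re

PLAY_STORE = "com.android.vending"  # installer recorded for Google Play installs

# Constructed sample of `adb shell pm list packages -3 -i` output (not a real device).
SAMPLE_PM_LIST = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.game  installer=com.android.packageinstaller
package:com.example.bank  installer=com.android.vending
"""

# Constructed list of components declaring a MAIN/LAUNCHER activity.
# Assumed format: one "package/activity" per line.
SAMPLE_LAUNCHER = """\
com.example.notes/.MainActivity
com.example.game/.Start
com.example.bank/.ui.Login
"""

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(text):
    """Map package name -> installer (None when the device recorded none)."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkg, inst = m.groups()
            result[pkg] = None if inst == "null" else inst
    return result

def launcher_packages(text):
    """Set of packages that expose at least one launcher icon."""
    return {ln.split("/", 1)[0].strip() for ln in text.splitlines() if "/" in ln}

def audit(pm_text, launcher_text, trusted=(PLAY_STORE,)):
    """List third-party apps not installed by a trusted store, hidden ones first."""
    visible = launcher_packages(launcher_text)
    findings = [
        {"package": pkg, "installer": inst, "hidden": pkg not in visible}
        for pkg, inst in parse_installers(pm_text).items()
        if inst not in trusted
    ]
    findings.sort(key=lambda f: (not f["hidden"], f["package"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PM_LIST, SAMPLE_LAUNCHER):
        print(finding)
```

A missing installer or launcher entry is a lead for manual review, not proof of malware: apps installed over adb and legitimate background services show the same traits.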
