I have an Android malware APK which is sending out SMS messages and subsequently deleting them, so they are not visible in the Messages app. The code of the application is obfuscated, so I am not able to read the code.

I want to find out the content and recipients of the SMS messages sent out by the app while running it in an emulator.

Is there a way to monitor the SMS sent out by the application, just like we monitor the internet traffic using monitoring tools?

Update: The malware seeks permission for becoming the default SMS application. It terminates if it is not granted the permission.

Yash Dhingra
  • 1
    well, if this is your application, there are a lot of things you can do to monitor this, you can log it, send it to an api, any number of things, right? – a_local_nobody Sep 08 '21 at 10:13
  • As I mentioned, I just have the APK. I've also mentioned the code is obfuscated. This should make it amply clear it is not my own application. – Yash Dhingra Sep 08 '21 at 10:14
  • 1
    `This should make it amply clear it is not my own application.` not really, considering that we as developers generate obfuscated apks as part of releasing them – a_local_nobody Sep 08 '21 at 10:18
  • But we as developers don't try to read our own obfuscated code, when we have the un-obfuscated code available. – Yash Dhingra Sep 08 '21 at 10:20
  • what you're trying to achieve doesn't sound secure at all, doesn't sound like something which should just be easily doable, so it _probably_ isn't possible, might be on a device which is rooted but even then don't think you'll find any simple answers for this, maybe not here – a_local_nobody Sep 08 '21 at 10:30
  • 2
    Does this answer your question? [Intercepting Outgoing SMS](https://stackoverflow.com/questions/7550178/intercepting-outgoing-sms) – a_local_nobody Sep 08 '21 at 10:31
  • 1
    Which Android version are you running this on? It would have to be before KitKat for this to make any sense, unless you're knowingly setting this malware app as your default SMS app. The default is the only one that can delete messages since KitKat >4.4. Also, how exactly are you determining that it is indeed sending and deleting these messages? And how are you doing that without being able to see the messages/recipients? In any case, SMS support in the emulators has always been limited and flaky, so I wouldn't really expect any such tooling to be available, but someone might know differently. – Mike M. Sep 08 '21 at 10:35
  • 1
    However, if this app is indeed deleting text messages that have been written to the Provider, you could set up another app with a `ContentObserver` to monitor the changes to the SMS sent box. I'm not so sure that that's really what's happening, though. – Mike M. Sep 08 '21 at 10:35
  • @a_local_nobody Not completely, but it did give me an idea. I can create my own SMS monitoring app and place it in the same emulator. Will try that and update here if it works. Thanks! – Yash Dhingra Sep 08 '21 at 10:38
  • @MikeM. : Thanks for the idea. Will try this out. The malware IS seeking permission to become the default SMS application, that's why it is able to delete SMS messages. – Yash Dhingra Sep 08 '21 at 10:44
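
The `ContentObserver` approach suggested in the comments above, as an added example that is not code from anyone in the thread: a watcher that logs the recipient and body of every outgoing row that appears in the SMS provider. The package, class name and log tag are hypothetical, and it assumes a separate analysis app installed in the same emulator, granted `READ_SMS`, that calls `start()` from a long-lived component.

```java
package com.example.smswatch; // hypothetical package name
import android.content.Context;
import android.database.ContentObserver;
import android.database.Cursor;
import android.net.Uri;
import android.os.Handler;
import android.os.Looper;
import android.provider.Telephony;
import android.util.Log;

/** Logs recipient and body of outgoing rows in the SMS provider (needs READ_SMS). */
public final class SentSmsWatcher extends ContentObserver {
    private static final String TAG = "SentSmsWatcher"; // hypothetical log tag
    private static final String[] COLS = {
            Telephony.Sms._ID, Telephony.Sms.ADDRESS, Telephony.Sms.BODY, Telephony.Sms.TYPE};
    // Outgoing states only: queued, outbox, sent, failed. Inbox rows are ignored.
    private static final String WHERE = Telephony.Sms._ID + " > ? AND "
            + Telephony.Sms.TYPE + " IN (" + Telephony.Sms.MESSAGE_TYPE_QUEUED + ","
            + Telephony.Sms.MESSAGE_TYPE_OUTBOX + "," + Telephony.Sms.MESSAGE_TYPE_SENT + ","
            + Telephony.Sms.MESSAGE_TYPE_FAILED + ")";
    private final Context context;
    private long lastSeenId = -1; // highest _id already logged, avoids duplicate lines

    public SentSmsWatcher(Context context) {
        super(new Handler(Looper.getMainLooper()));
        this.context = context.getApplicationContext();
    }

    public void start() { // notifyForDescendants=true also covers content://sms/sent etc.
        context.getContentResolver().registerContentObserver(Telephony.Sms.CONTENT_URI, true, this);
    }

    public void stop() {
        context.getContentResolver().unregisterContentObserver(this);
    }

    @Override
    public void onChange(boolean selfChange, Uri uri) {
        String[] args = {String.valueOf(lastSeenId)};
        try (Cursor c = context.getContentResolver().query(
                Telephony.Sms.CONTENT_URI, COLS, WHERE, args, Telephony.Sms._ID + " ASC")) {
            if (c == null) return;
            while (c.moveToNext()) { // a row deleted before this query runs is not seen
                lastSeenId = c.getLong(0);
                Log.i(TAG, "id=" + lastSeenId + " type=" + c.getInt(3)
                        + " to=" + c.getString(1) + " body=" + c.getString(2));
            }
        }
    }
}
```

Since KitKat the default SMS app is responsible for writing its own sent messages to the provider, so this only captures messages the app under analysis actually writes there before deleting them.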

0 Answers