Android is the most popular mobile operating system globally and an attractive target to attackers worldwide due to its open-source nature and fragmentation (as the OS runs on devices manufactured by different companies with each manufacture tweaking the OS for its own convenience). Android ecosystem also allows users to install third party mobile applications and controls on Play Store are less stringent than App Store. All these factors make Android OS the perfect attack surface and make it possible for hackers to exploit user’s android device by making them install APK (Android Application Packages), or by trojanizing a legitimate application.
•Hackers first need to get the victims to install the malicious APKs on their mobile devices, for which hacker may employ social engineering tactics.
•When the victim installs the APK by clicking on it, he/she may receive numerous warning messages on highlighting the dangers of installing apps from unknown sources. The victim can also see that the app is requesting a lot of permissions e.g., access to camera, microphone, location, contacts, SMS, etc.
•Post installation, the hacker receives a connection on his hacking device, thus granting access and control of infected device with hacker to facilitate malicious actions.