Important Note : This Tutorial , Demo and Practicals are only for educational purpose. I am not responsible for you do anything wrong. Don't misuse this tutorial. If misused you will be locked up with jail. Understand the safety measures from this tutorial. Stay safe and secure.
Hello guys, now a days we can't able to move on internet with safety. Many hackers make people victim in different methods. Today i am gonno share you a shocking method which hackers used to hack our facebook account.
I hope many of us know about phishing. If you donno about phishing attack » click here to read what is phishing « (in simple words phishing is a fake login page of the official page)
As a next level to phishing attack, now a days hackers use phishing applications with smarter data collection. What is phishing application ? same like phishing page, phishing application contains fake login page when you open the application. for better understanding i have made a demo Tutorial here from hackers view as well as victim view.. At the end of the page also attached how to stay safe and secure from these type of attacks.
Ok. Stop boring and let's get into the topic. I have created a ready made apk to show demo here. and also i will explain how the hackers make there own. The apk used here is faked as a FB auto liker to make the victim fall in our attack.
Important Note !
This Tutorial , Demo and Practicals are only for educational purpose. I am not responsible for you do anything wrong. Don't misuse this tutorial. If misused you will be locked up with jail. Understand the safety measures from this tutorial. Stay safe and secure.
Let's see how hackers create a Phishing apk using a ready made apk,
Step by step tutorial : (if you feel hard to go with written Tutorial head over to the video tutorial for better visual understanding)
[Step 1]
creating the project and application
• Visit here (firebase)
• Login with your gmail account
• Click "Add project"
• Type Project name (any)
• Type Project id (anything available)
• Select country and click proceed.
• Now choose "Android app" icon
• Continue » fill package name » finish.
• After all done click menu
• Choose settings
• Note down all the details given there.
for example,
» Project id
» Web API key
» App id
Note down these above said id's it will be used later on app modification.
[Step 2]
Database creating
• Click menu » database
• RealTime database » Start
• Save Public » All done
• Now at the database view top title bar you can see the database URL link. Note down that some where. It will be used later on the app modification.
[Step 3]
App modifications
App modifications
• Download Readymade apk
• Download Apk editor Pro
(download link at end of the post)
(it was zipped with password for safety purpose)
(extract it and you will find the apk inside it)
(password for zip file at the YouTube description)
(YouTube video link at the end of the post)
• Now open Apk editor
• Click "Select an Apk File"
• Select the apk file from its path
(Readymade apk name : FB auto Liker)
• Click FULL EDIT (RESOURCE RE-BUILD)
• Choose "String" and scroll down
• Watchout Last four strings
namely,
» Firebase Database URL
» Project ID
» Google App ID
» Google API key
• Now we need to replace with our own id,url and key
• We already note down Project id , Web API key and App id frok the step 1.
• Also we note down the Database URL from step 2.
• Now let's replace those over here in apk editor strings.
• After Replacing click Build Apk.
• All done.
• Now our own phishing apk is ready.
• Backup the apk and send to victim.
[Step 4]
Victim View
• Now victim get fooled by app name and icon
• They thought that its a real fb auto liker.
• They install and open the application
• When they open it they force to login with there fb account to get access token for free likes.
• They type there Email and Password and click Login. And the application say, "NO INTERNET CONNECTION !" even the victim connected to the internet. All done !
[Step 5]
Behind the scene
• When victim login to the fake app, the app says no internet connection. Yes. That too fake. The app is just designed like that.
• After trying multiple times, The victim thought that app was not working and leave the app or uninstall it.
• Behind the scene : When victim clicks Login button after entering Email and password, those data has been collected by the app as a map&key files and send those to our database which we created in step 2.
[Step 6]
How to view collected data from database
• Visit here
• Click your project
• Click menu » database
• BOOM ! Here goes the victim data.
Note : Victim internet connection must need to be on while using our application.
YOUTUBE VIDEO LINK
If you feel anything difficult in this tutorial don't worry watch our video tutorial for better visual easy understanding.
DOWNLOAD LINKS
Download links for the applications used in this post are given below. If ad appears wait for 5 seconds and click skip to redirect to download page. Comment below if download doesn't works or expires.
Download - FB Phishing.apk
How to Stay secured from these attacks ?
Do not install any third party apps
Do not enable unknown source
Don't trust auto likers
Check with fake identity at beginning
Instead of using read id
Stay secured !
CONCLUSION
Do not install any third party apps
Do not enable unknown source
Don't trust auto likers
Check with fake identity at beginning
Instead of using read id
Stay secured !
CONCLUSION
I hope you like this post. Practice and have fun. But, never ever misuse this in anycase. Just do it for educational purpose. If you have any doubt, questions, or anything else feel free to ask me. Comment below. Sharing is caring. :) Share this post with your friends. Thank you. Keep visiting for more interesting articles.
){kind=link}