]HackingTeam[ KnowledgeBase Product
Search:     Advanced search

Available Exploits - Android

Article ID: 5
Last updated: 28 May, 2015


In order for the exploit to be effective, customers must provide an URL that the target's browser will automatically load after successful exploitation or in case of error.


  • this Android remote exploit targets the default browser installed on Android 4 devices up to version 4.3.*;

  • Android browser (it doesn't work with Chrome).


Customers must as well provide the APK that will be installed on the target's device, upon a successful execution of the exploit. Such a file can be generated directly from the RCS console:

  1. select a mobile factory;
  2. click on Build;
  3. select Installation Package/Android/Create...;
  4. extract the file called <name>.v2.apk from the generated ZIP archive.

HackingTeam will then provide a URL where the exploit is hosted. A link pointing to the exploit can finally be sent to the target, for instance via SMS or email. The full exploit will be served exclusively to Android 4.0.*- 4.3.* devices. If the exploit URL is visited from a different browser or device no payload will be executed and the redirect will happen immediately.

See also: Android Remote Exploit Compatibility Matrix

Article ID: 5
Last updated: 28 May, 2015
Revision: 4
document Public
Views: 28
Comments: 0
This article was:   Helpful | Not helpful
exploit sms email

Prev   Next
Android Remote Exploit Compatibility Matrix     Exploit Deployment Guidelines