| push | Shows a push notification (clicking on the notification will result in launching specified app) |
| startAuthenticator2 | Launches the Google Authenticator application |
| startAdmin | Triggers request for admin privileges |
| startApp | Starts the specified application |
| getInstallApps | Gets the list of applications installed on the device |
| getContacts | Gets the contact names and phone numbers from the address book of the infected device |
| deleteApplication | Triggers the removal of the specified application |
| forwardCall | Enables call forwarding to the specified number |
| sendSms | Sends a text message with specified text from the infected device to the specified phone number |
| SendSMSALL | Sends text messages with specified text from the infected device to all contacts of the infected device |
| startInject | Triggers the overlay attack against the specified application |
| startUssd | Executes the specified USSD code |
| openUrl | Opens the specified URL in the WebView |
| getSMS | Gets all text messages from the infected device |
| killMe | Triggers the kill switch for the bot |
| updateModule | Updates the payload module |
| updateInjectAndListApps | Triggers update of the target list |
| clearCash/clearCashe | Triggers opening specified application details |
| getAccounts/logAccounts | Triggers stealing a list of the accounts on the device |
| bitcoincom | com.bitcoin.mwallet - Bitcoin Wallet |
| trust | com.wallet.crypto.trustapp - Trust: Crypto & Bitcoin Wallet |
| mycelium | com.mycelium.wallet - Mycelium Bitcoin Wallet |
| piuk | piuk.blockchain.android - Blockchain Wallet. Bitcoin, Bitcoin Cash, Ethereum |
| samourai | com.samourai.wallet - Samourai Wallet |
| toshi | org.toshi - Coinbase Wallet: Crypto Wallet & DApp Browser |
| metamask | io.metamask - MetaMask: Buy, Send and Swap Crypto |
| start_vnc/stop_vnc | Start/stop RAT |
| getlocation | Obtains geolocation |
| addwaitview/removewaitview | Adds/removes a view used to cover malicious operations |
| addview/removeview | Adds/removes a view |
| getimages | Obtains list of all images |
| downloadimage | Downloads an image |
| makecall | Makes a call |
| calling | Makes a call |
| addcontact | Adds a contact |
| fmmanager | Operates as file manager |
| swipeup/swipedown/swipeleft/swiperight/swipe | Performs a specific swipe gesture |
| takescreenshot | Takes a screenshot |
| clickatcontaintext | Simulates click at specific text item |
| onkeyevent | Simulates a key press (HOME/BACK/RECENTS/LOCK/POWERDIALOG) |
| unlock | Unlocks device |
| scrollup/scrolldown | Scrolls up/down |
| longpress | Simulates a long press event |
| clickat | Simulates click at a specific coordinate |
| cuttext | Sets the clipboard value to the value of a UI element at specific coordinates |
| clickattext | Simulates click at a UI element with specific text value |
| settext | Sets a UI element value to a specific text |
| safepal | io.safepal.wallet - SafePal: Crypto wallet BTC NFTs |