How To Automatically Embed Payloads In APK’s With Evil-Droid, Thefatrat & Apkinjector

How To Automatically Embedding/Injecting Payloads in APK’s

We have taken a look at manually embedding payloads, now that we know how it works, we can automate the process with a variety of tools.



  • Saves time
  • Standardized process with predictable results
  • Completely automated

Structure of the series

  • Obfuscation
  • Persistence
  • Port Forwarding

Tools we will be using

  • Evildroid
  • Thefatrat
  • Apkinjector/Apkwash

Before we get started, I had mentioned in the live stream video, that not all applications will or can be compiled successfully, so I have tried various popular applications and it seems that the Google apps are prone to this.

Note about keystores: Keystores in Android are stored in the /root/.android directory


Liked it? Take a second to support Alexis on Patreon!
Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *