Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
January 5, 2018 10:56
August 23, 2015 00:56
June 18, 2015 07:35
June 20, 2015 18:31
June 20, 2015 18:31

Android Malware Example

Harmless Android malware using the overlay technique to steal user credentials.

UPDATE 15.12.2016 we open-sourced our Android Overlay Protection app, you can check it out the source code here.

UPDATE starting with Android 5.1 the ActivityManager.getRunningAppProcess API don't return all processes running on the system anymore. We moved to a more naive solution which doesn't require any permissions, for more information press here.


This software is intended to sensitize users to this kind of attacks. Don't use it for any other purposes!

Quick Start

In the main screen you can select which application are going to be overlayed (currently between Linkedin, Skype, and UBS Mobile App). Furthermore you can choose the type of overlay between:

  • View overlay with WindowsManager.addView
  • Activity overlay with startActivity

The application has been tested on Nexus 5 with Android 6 (Real device) and Nexus 5X with Android 4.4.2 (Emulator).

For more background information about overlays please check our last blog post.


First you need to download the last APK from the project release page. If you prefer, you can clone the source and build the package yourself. Since the package is not coming from Google Play, you need to enable the "Unknown sources" flag in the Security Settings of the device. This last step is only required if you are deploying to a real device, emulators normally allows install of untrusted apps by default. To install on a real device, you can issue the following command:

adb install -r android-overlay-malware-example-X_X.apk

or just upload/download it from a cloud storage and install it directly on the phone. You should then find the Demo Malware application in the application list. Per default the malware will try to inject to all supported application, you can change this behaviour by adjusting the settings directly within the application.

Some screenshots

Home Screen

Skype Overlay

UBS Overlay


Harmless Android malware using the overlay technique to steal user credentials.







No packages published