How to Access an Android Phone using Kali Linux


An Android smartphone is often a gateway to most commercial IoT gadgets. A Nest smoke alarm is managed through its Android app, and so is a Nest thermostat that controls the temperature. Smart locks, doorbell cams – almost all smart devices can be accessed from Alexa or other master apps. What if someone were to gain remote access to such an Android phone? If you think this is impossible, the basic demo below shows how Metasploit on Kali Linux can be used to create a backdoor entry to an Android phone.

Note: this tutorial is for security researchers and hobbyists. We do not recommend hacking anyone’s phone without their permission.


Before you begin work on Kali Linux, you first need to familiarize yourself with its console terminal.

Kali Linux readily hosts a comprehensive list of tools designed to target a device’s firmware or operating system.

Here, we will use one of the common tools, “MSFVenom”, to insert a virus in an Android phone. It generates multiple kinds of payloads based on user-selected options. The payloads work across many platforms including Windows, Android, OpenBSD, Solaris, Java, PHP, and gaming hardware.

Launching an Android Metasploit

The following steps will demonstrate how to download MSFVenom on a Kali Linux system.

Start the terminal and enter the following command.

Here, the payload is launched using an exploit extension called “Meterpreter”.

[Image: Msfvenom Init]

To determine the IP address of the listener host, open a new console terminal and enter ifconfig. Usually, port 4444 is assigned for trojans, exploits, and viruses.

[Image: Determine IP Address]

Once the IP address has been determined, go back to the previous screen and enter the details.

The file “hackand.apk” will be saved on the desktop and is the main backdoor exploit to be used on the Android phone.

[Image: Msfvenom Launched]

In the next step, launch “msfconsole”, a common penetration testing tool used with Kali Linux. For this, enter service postgresql start followed by msfconsole. PostgreSQL is the database in which the console stores its data.

[Image: Starting Msfconsole]

Once the penetration tool is ready, you can launch the remaining exploit.

[Image: Starting Msfconsole, Part 2]

Next, an executable called “multi-handler” will be used.

Refer to the image below for connecting the exploit with the console. The same IP address and port numbers will be used.

[Image: Multihandler]

In the next stage, the msfvenom exploit will be launched and initialized with a simple exploit command. Now, we have to find a target which will be an Android phone.

[Image: Initialize Exploit]

Connecting Kali Linux Terminal with Android Phone

The hackand.apk file which we downloaded earlier is only 10 KB in size. You will have to find a way to insert the file in the target’s phone. You can transfer the virus using USB or a temporary email service.

Generally, webmail providers such as Gmail or Yahoo will refuse to carry this virus infected file.

Android will warn you before you install the software. But it takes less than 20 seconds to complete the installation, as you only have to “ignore the risk and install.” This makes the threat somewhat serious if your phone is left unlocked.

[Image: Virus Installed]

As shown here, a lot of damage can be done to the phone, including modifying the storage contents, preventing the phone from sleeping, connecting to and disconnecting from Wi-Fi, setting the wallpaper, and more.

[Image: Phone Device Access]

Once the APK file is installed, it can be cleverly disguised within the phone.

[Image: App Installed]

Now, you can use many commands like the following on the Kali Linux terminal to control the phone. You don’t really have to remember them, as the list is available from a simple help option in Meterpreter.

  • record_mic: record from the microphone
  • dump_calllog: get the call log
  • webcam_chat: start a video chat
  • geolocate: get the phone’s current location

Most advanced Android phones will prevent this malicious app from getting installed. So, this exploit will generally work with older Android models.
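From the defender's side, the capabilities listed above correspond to Android permissions that a sideloaded app has to request, so they can be checked for on a device you manage. The following is an added example, not part of the original article: it triages constructed samples of `adb shell pm list packages -i -3` output and per-package permission lists; the permission-to-capability mapping, the trusted-installer set and the threshold are assumptions of this example.

```python
import re

# Permissions matching the capabilities listed above (microphone, call log,
# camera, location). Mapping and threshold are this example's assumptions.
P = "android.permission."
SENSITIVE = {
    P + "RECORD_AUDIO": "microphone",
    P + "READ_CALL_LOG": "call log",
    P + "CAMERA": "camera",
    P + "ACCESS_FINE_LOCATION": "location",
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend for an MDM store

# Constructed sample of `adb shell pm list packages -i -3` output.
SAMPLE_PACKAGES = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.updater  installer=com.google.android.packageinstaller
"""
# Constructed sample: requested permissions per package, as one would collect
# them from `adb shell dumpsys package <name>`.
SAMPLE_PERMS = {
    "com.example.notes": [P + "RECORD_AUDIO", P + "CAMERA", P + "ACCESS_FINE_LOCATION"],
    "com.example.flashlight": [P + "CAMERA", P + "WAKE_LOCK"],
    "com.example.updater": [P + "RECORD_AUDIO", P + "READ_CALL_LOG", P + "CAMERA",
                            P + "ACCESS_FINE_LOCATION", P + "CHANGE_WIFI_STATE"],
}
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_packages(text):
    """Return {package: installer or None} from `pm list packages -i` output."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def triage(packages, perms, threshold=2):
    """Flag apps from untrusted installers requesting >= threshold sensitive capabilities."""
    findings = []
    for pkg, installer in sorted(packages.items()):
        hits = sorted(SENSITIVE[p] for p in perms.get(pkg, ()) if p in SENSITIVE)
        if installer not in TRUSTED_INSTALLERS and len(hits) >= threshold:
            findings.append((pkg, installer, hits))
    return findings

if __name__ == "__main__":
    for pkg, installer, hits in triage(parse_packages(SAMPLE_PACKAGES), SAMPLE_PERMS):
        print(f"REVIEW {pkg} (installer={installer}): {', '.join(hits)}")
```

A finding is a prompt for manual review rather than proof of compromise, since legitimate sideloaded apps can request the same permissions.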


In this tutorial, we saw a basic strategy of using Kali Linux to gain access to an Android smartphone. Even though this is a very simple exploit, it has great implications in terms of IoT security.

What do you think of Kali Linux exploits? Will you be more cautious about your phone’s security? Do let us know in the comments.

Sayak Boral

Sayak Boral is a technology writer with over ten years of experience working in different industries including semiconductors, IoT, enterprise IT, telecommunications OSS/BSS, and network security. He has been writing for MakeTechEasier on a wide range of technical topics including Windows, Android, Internet, Hardware Guides, Browsers, Software Tools, and Product Reviews.


    1. The KL terminal is waiting to detect any target device that will open the payload. Remember this is a penetration test so if the exploit fails to penetrate the phone, it means your Android phone was patched so this specific exploit may not work because your phone doesn’t let a suspicious network listen to. Only if the penetration was successful, a Meterpreter session will start. Your phone has to be connected to the same Wi-Fi as the KL terminal PC. A penetration attempt, by definition, is not always successful so you must keep trying it with other exploits and tools which you can find on One way (method not covered in this article) is to use a port forwarding service on your KL terminal like Ngrok. But we have noted this issue, and we will try to bring a new article which deals with solutions to common stalled penetration attempts.

  1. Perfect… but it isn’t clear to me how to insert that file into the target phone. Is there a clear way…

    1. See the last section. It’s a penetration test so the objective is to test a phone’s vulnerability to a potential. The only way this test will work is to find an unlocked phone where the payload file (hackand.apk) is inserted manually or by using a temporary email service. It should take around 3-5 minutes to insert the file.

  2. It doesn’t work for me. When the trojan is inserted, it’s automatically closed after 30 seconds (session died). Do you have a solution for that? And thanks for all …
