Penetration Testing

Android Mobile Exploitation with Evil-Droid

Hello friends! Today you will learn how to generate apk payload with help of “Evil-Droid”. It is the tool used to compromise any android deceive for attacking point, we are using it only for educational purpose.

Evil-Droid is a framework that creates & generates & embed apk payload to penetrate Android platforms.


Attacker: Kali Linux

Target: Android

Lets Begin !!

Open the terminal in your Kali Linux and execute given below command to download it from git hub.

git clone

Now open the downloaded folder in terminal and type given below command to give all permission to the script “evil-droid”

chmod 777 evil-droid

Now execute given below command to run the script and lunch the evil-droid application.


When you will execute above command evil-droid will start as shown in given below image. Here it will start from testing internet connection and its dependencies from available kali Linux tool by its own.

Then a prompt will pop up to confirm the Evil droid framework requirement, here select option “yes”.

Now Evil droid framework will get open to hack remote android platform by executing given below options.

[1] APK MSF                                    

[2] BACKDOOR APK ORIGINAL (OLD)                

[3] BACKDOOR APK ORIGINAL (NEW)                

[4] BYPASS AV APK (ICON CHANGE)                

[5] START LISTENER                             

[c] CLEAN                                       

[q] QUIT                                       

[?] Select

From given below image you can perceive that we had chosen the option as “BACKDOOR APK ORIGINAL”

After that again a prompt will pop up in order to set LHOST [attacker’s IP] for reverse connection. Enter your Kali Linux IP in the given text field as shown in given below image.

After that again a prompt will pop up in order to set LPORT for reverse connection as shown in given below image.

In next prompt enter payload name, you want to give to your apk payload as shown in given below image. Here I had given baidu-broswer name to my payload.

Now when everything is set by an attacker for generating an apk payload, at last, he will get a list for payload option to choose the type of payload he wants to generate as shown in given below image.

Here I had selected “android/meterpreter/reverse_tcp” as payload.

Now download any original apk file from Google in order to hide your payload in that file. Here I had downloaded baidu.apk to hide my baidu-browser payload inside it; you can download any other apk file of your choice.

This will now generate a malicious baidu.apk by hiding our backdoor inside it as shown in the given below image. Now copy this malicious apk from given path /root/Evil-Droid/evilapk/baidu-browser.apk and send it to the victim.

On another hand another prompt will pop up to choose the following option:

  • Multi-Handler
  • Attack-vector
  • Main menu
  • Exit

From given below image you can observe that I had chosen “multi handler” for reverse connection of victims system.

Now it will lunch multi-handler and start reverse TCP handler on attacker machine as shown in given below image. As soon as the victim will download and run the malicious baidu.apk, the attacker will get unauthorized access of his deceive on his machine.

Great!! From given below image you can observe meterpreter session 1 is opened

meterpreter> sysinfo

Author: Sanjeet Kumar is an Information Security Analyst | Pentester | Researcher  Contact Here

3 thoughts on “Android Mobile Exploitation with Evil-Droid

  1. How can we see the content or dump contacts or SMS after closing Kali Linux
    I mean how to get information for the second time as we will close Kali Linux at sometime…..

Comments are closed.