top of page
  • Writer's pictureotw

Android Hacking, Part 4: A Compendium of Android Remote Administration Trojans (RATS)

Updated: Dec 28, 2022

Welcome back, my aspiring cyberwarriors!

In light of the recent revelations regarding Israel's NSO group and their cellphone malware known as Pegasus, I thought it would be good time to catalog some of the better-known Remote Access Trojans (RATs) available for the Android OS. This is not meant as an exhaustive list, but simply a list of some of the better known RATS. If you know of others not on this list, please email me at

I have tried to compile a list with each RATS name, source-code location (if open source) and key features.

Cerberus Banking since deleted

Cerberus is a banking RAT targeting the Android OS. First spotted in June 2019. It was embedded in Google Play apps. Developers tried to auction source code for $100,000 but when that failed, they released it for free to public. Developers claim that it uses no code from previous RATS making it harder to detect with AV.

  • Bots

  • Bank and CC Logs information

  • Mail logs

  • SMS, Call (+Forward), Contact, GPS, Audio

  • Monitoring all activity / logs

  • Push to turnoff Play Protected (Disable)

  • Download, Install, Remove Apps

  • Lock device


Developed by the Israeli cyberarms company, NSO group, and sold to government's around the world, Pegasus is among the most expensive and effective mobile spyware. Available for both the IPhone and Android, Pegasus enables a jailbreak on the device. It has been effectively used by the UAE to spy on Ahmed Mansoor in 2016, the Mexican drug cartels to spy on Mexican journalists, and Saudi Arabia to spy on Jamal Khashoggi, the Washington Post journalist, before killing and dismembering him in the Saudi embassy in Turkey.

  • Storage, Microphone, Location

  • Screenshot

  • Calendar

  • Instant Messaging

  • Contact & Call & SMS & Mail

  • Browser History

  • Device Setting

  • Skype

  • Telegram

  • Whatsapp


Available at

  • Camera, Microphone, Location

  • Storage

  • SMS, CALL, Contact

  • Whatsapp Reader

  • Browser History

  • App Manager



  • Bind app, Storage, Location

  • SMS, Call, Call logs, Contact, Camera

  • Listen live conversation through mic, record mic sound live.

  • Check browser history.

  • Check installed apps.

  • Get phone’s information (IMEI, WIFI MAC, PHONE CARRIER).

  • Fun Panel (Show messages, shake the phone etc)


  • Camera, Mircophone,

  • Storage, Location

  • Message, Call, Call logs, Contact


  • execute command

  • process lost

  • camera snap, stream, list, microphone


  • Add and remove app

  • Camera, Microphone, Storage

  • Call & SMS

  • Remote Device Controller


  • Storage access

  • Android Tools such, take photo, screenshot etc

  • Record audio

android_trojan / Android Trojan

  • shell command, browser history, microphone, location, storage

  • add and remove app

  • call log, contact,sms dump,


  • Fully Remote Access

  • File Manager, add and remove apps

  • App Widgets

  • Full System Information

  • Call & SMS

Android Voyage

  • Remote Android Screen

  • Screenshot, keylog, traffic monitor

  • Make as system application

  • Lock unlock, hide unhide app

  • Remove android password

  • Message Access

  • Bricks the device, Anti Antivirus

  • Self Destructive Mode

  • Password Grabbers


  • camera

  • audio

  • keylogger

  • storage

  • download upload

  • location

  • etc


  • Contact

  • System

  • App

  • Storage

  • Call

  • Message

  • Shell


  • SMS, Call, Call logs, Contact, Toast, Browser

  • Storage, Location, Microphone, Camera

  • Phone's Hardware and Software details

  • Sim details

  • Internet details and IP

  • offline commands for bots

  • Multiple commands for multiple bots

  • http RAT ( not required port forwarding)


  • Installed applications

  • Phone number

  • Phone Unique ID

  • Location (the application tries to switch on the GPS, 10s capture location)

  • Contact, SMS, Call logs, Call, Mails

  • Storage, Microphone

columbus-trojan (cute trojan)

  • Image (front-facing camera)

  • 10-second sound clip (microphone)

  • Location (mobile triangulation)


  • Admin

  • Voice record

  • Message

  • Location


  • Text to speech for Android to say stuff out loud

  • webcam snapshots (front cam & back cam)

  • GPS tracker !

TeleRAT and IIRAT (Telegram BOT)

  • Clipboard

  • App list

  • SMS, Contact

  • Storage, Microphone, Camera

  • Control Admin Screen, Vibrate

Hidden Cobra

  • Proxy

  • Contact

  • SMS

  • Payload


  • SMS, Call, Call logs,

  • Opening web pages

  • Uploading images and video

  • Opening an application

  • Performing denial-of-service attacks

  • Changing the command and control server


  • Similar with dendroid

  • Actually Botnet by dendroid

  • SMS

  • Camera, Storage, Microphone

  • Browser open page


  • Mic

  • botnet

  • steal log


  • Camera

  • Location

  • Storage


  • Incoming outgoing SMS


  • Get messages

  • Screenshot Functionality

  • Camera Access

  • Add Google form for passwords

Triout Framework

  • Record phonecall, save it, send it to C&C

  • SMS Logs

  • Call Logs

  • Steal Images or Video, Camera Access

  • Hide


  • Storage

  • Location

  • Camera

  • Admin

  • not deletable

  • more


  • Real-time command execution

  • Schedule commands

  • Hidden app icon (stealth mode)

  • SMS, Call, Call logs, Contact

  • etc

Adroid Spy App

  • Contact, Call logs, SMS

  • Logs

  • Location, Storage

  • Etc

SpyApp Client

  • Notification Listener (Facebook, whatsapp, email, instagram etc)

  • Call Logs

  • Contact

  • SMS

  • Etc

i-spy Android

  • Camera

  • Location

  • Storage

  • Etc


  • Storage

  • Phone information

  • Call SMS MMS

  • Contact

  • GPS Location

  • VOIP record such Skype, WeChat, Viber, LINE etc


  • GPS location

  • Audio record, call record

  • Screen recording

  • Keylogger and fingerprint-device duplicate

  • History browser and Call log, SMS Email logs, create a Call and SMS

  • Contact and calendar

  • Shell as root (rooted/rootable)

Joker (infect many apps in playstore)


  • Storage

  • Manipulating subscription (money)


  • similar "Adroid Spy App"

  • Call, SMS, Contact, Phone Information

  • Camera, Audio, Location, Storage

  • Account Detail

  • Lock, Vibrate, Flash

  • Owner Access (Boot)

  • Inject, Install / Remove Apps

  • Logs and Keylog (messenger, socialmedia)


  • Hijack Session, apps log

  • Almost all permission

TearDroid PHP

  • Command

  • SMS Contact Call

  • Storage


  • Camera

  • SMS Contact Call

  • Storage

  • Install, Inject


  • SMS Contact Call

  • Storage

  • exfiltrate

BlueEagle jRAT

  • similar "jRAT"

  • Call, SMS, Contact, Phone Information

  • Camera, Audio, Location, Storage

  • Account Detail

  • Owner Access (Boot)

  • Block google protect



  • GPS


Mass RAT

  • sms call

  • storage

  • camera, etc


  • storage, camera

  • audio, etc

Rogue RAT

  • Camera, Audio

  • Storage, GPS

  • Keylog, etc


  • Camera, Microphone, Phone

  • Storage, GPS

  • Install, Account Credentials, etc

Rafel RAT

  • GPS, Storage

  • Camera, Audio, Phone

Look for our upcoming Android Hacking training where we will deploy some of these RAT's and develop our own.


Recent Posts

See All
bottom of page