Welcome back, my aspiring cyberwarriors!
In light of the recent revelations regarding Israel's NSO group and their cellphone malware known as Pegasus, I thought it would be good time to catalog some of the better-known Remote Access Trojans (RATs) available for the Android OS. This is not meant as an exhaustive list, but simply a list of some of the better known RATS. If you know of others not on this list, please email me at occupytheweb@protonmail.com.
I have tried to compile a list with each RATS name, source-code location (if open source) and key features.
Cerberus Banking
https://vxug.fakedoma.in/code/leaks/CerberusLeak.zip since deleted
Cerberus is a banking RAT targeting the Android OS. First spotted in June 2019. It was embedded in Google Play apps. Developers tried to auction source code for $100,000 but when that failed, they released it for free to public. Developers claim that it uses no code from previous RATS making it harder to detect with AV.
Bots
Bank and CC Logs information
Mail logs
SMS, Call (+Forward), Contact, GPS, Audio
Monitoring all activity / logs
Push to turnoff Play Protected (Disable)
Download, Install, Remove Apps
Lock device
Pegasus
Developed by the Israeli cyberarms company, NSO group, and sold to government's around the world, Pegasus is among the most expensive and effective mobile spyware. Available for both the IPhone and Android, Pegasus enables a jailbreak on the device. It has been effectively used by the UAE to spy on Ahmed Mansoor in 2016, the Mexican drug cartels to spy on Mexican journalists, and Saudi Arabia to spy on Jamal Khashoggi, the Washington Post journalist, before killing and dismembering him in the Saudi embassy in Turkey.
Storage, Microphone, Location
Screenshot
Calendar
Instant Messaging
Contact & Call & SMS & Mail
Browser History
Device Setting
Skype
Telegram
Whatsapp
DroidJack
Available at https://droidjack.net/
Camera, Microphone, Location
Storage
SMS, CALL, Contact
Whatsapp Reader
Browser History
App Manager
AndroRAT
https://github.com/The404Hacking/AndroRAT
Contact, Call logs, Call, SMS
Location, Camera, Microphone
Streaming video (for activity based client only)
Do a toast, message
Give call
Open an URL in the default browser
Do vibrate the phone
SpyNote
Bind app, Storage, Location
SMS, Call, Call logs, Contact, Camera
Listen live conversation through mic, record mic sound live.
Check browser history.
Check installed apps.
Get phone’s information (IMEI, WIFI MAC, PHONE CARRIER).
Fun Panel (Show messages, shake the phone etc)
Camera, Mircophone,
Storage, Location
Message, Call, Call logs, Contact
TheFatRAT https://github.com/Screetsec/TheFatRat
execute command
process lost
camera snap, stream, list, microphone
BetterAndroRAT https://github.com/mwsrc/BetterAndroRAT
Add and remove app
Camera, Microphone, Storage
Call & SMS
Remote Device Controller
UnknownRAT
Storage access
Android Tools such, take photo, screenshot etc
Record audio
android_trojan / Android Trojan https://github.com/androidtrojan1/android_trojan
shell command, browser history, microphone, location, storage
add and remove app
call log, contact,sms dump,
OmniRAT
Fully Remote Access
File Manager, add and remove apps
App Widgets
Full System Information
Call & SMS
Android Voyage
Remote Android Screen
Screenshot, keylog, traffic monitor
Make as system application
Lock unlock, hide unhide app
Remove android password
Message Access
Bricks the device, Anti Antivirus
Self Destructive Mode
Password Grabbers
NetWire
camera
audio
keylogger
storage
download upload
location
etc
Contact
System
App
Storage
Call
Message
Shell
LokiDroid
SMS, Call, Call logs, Contact, Toast, Browser
Storage, Location, Microphone, Camera
Phone's Hardware and Software details
Sim details
Internet details and IP
offline commands for bots
Multiple commands for multiple bots
http RAT ( not required port forwarding)
KevDroid
Installed applications
Phone number
Phone Unique ID
Location (the application tries to switch on the GPS, 10s capture location)
Contact, SMS, Call logs, Call, Mails
Storage, Microphone
columbus-trojan https://github.com/project-columbus/trojan (cute trojan)
Image (front-facing camera)
10-second sound clip (microphone)
Location (mobile triangulation)
GhostCtrl
Admin
Voice record
Message
Location
Text to speech for Android to say stuff out loud
webcam snapshots (front cam & back cam)
GPS tracker !
TeleRAT and IIRAT (Telegram BOT)
Clipboard
App list
SMS, Contact
Storage, Microphone, Camera
Control Admin Screen, Vibrate
Hidden Cobra
Proxy
Contact
SMS
Payload
Dendroid https://github.com/nyx0/Dendroid
SMS, Call, Call logs,
Opening web pages
Uploading images and video
Opening an application
Performing denial-of-service attacks
Changing the command and control server
Casperspy https://github.com/dhanumurti
Similar with dendroid
Actually Botnet by dendroid
SMS
Camera, Storage, Microphone
Browser open page
Joanap
Mic
botnet
steal log
SHConnect
Camera
Location
Storage
HighRise
Incoming outgoing SMS
Get messages
Screenshot Functionality
Camera Access
Add Google form for passwords
Triout Framework
Record phonecall, save it, send it to C&C
SMS Logs
Call Logs
Steal Images or Video, Camera Access
Hide
Cerberusapp
Storage
Location
Camera
Admin
not deletable
more
Real-time command execution
Schedule commands
Hidden app icon (stealth mode)
SMS, Call, Call logs, Contact
etc
Adroid Spy App https://github.com/abhinavsuthar/Android_Spy_App
Contact, Call logs, SMS
Logs
Location, Storage
Etc
SpyApp Client https://github.com/ghazikr/SpyAppClient
Notification Listener (Facebook, whatsapp, email, instagram etc)
Call Logs
Contact
SMS
Etc
i-spy Android https://github.com/JohnReagan/i-spy-android
Camera
Location
Storage
Etc
FinSpy
Storage
Phone information
Call SMS MMS
Contact
GPS Location
VOIP record such Skype, WeChat, Viber, LINE etc
Monokle
GPS location
Audio record, call record
Screen recording
Keylogger and fingerprint-device duplicate
History browser and Call log, SMS Email logs, create a Call and SMS
Contact and calendar
Shell as root (rooted/rootable)
Joker (infect many apps in playstore)
SMS CALL CONTACT
Storage
Manipulating subscription (money)
similar "Adroid Spy App"
Call, SMS, Contact, Phone Information
Camera, Audio, Location, Storage
Account Detail
Lock, Vibrate, Flash
Owner Access (Boot)
Inject, Install / Remove Apps
Logs and Keylog (messenger, socialmedia)
Strandhogg
Hijack Session, apps log
Almost all permission
TearDroid PHP https://github.com/ScRiPt1337/Teardroid-phprat
Command
SMS Contact Call
Storage
AndroSpy https://github.com/qH0sT/AndroSpy
Camera
SMS Contact Call
Storage
Install, Inject
GravityRAT
SMS Contact Call
Storage
exfiltrate
BlueEagle jRAT
similar "jRAT"
Call, SMS, Contact, Phone Information
Camera, Audio, Location, Storage
Account Detail
Owner Access (Boot)
Block google protect
TalentRAT https://github.com/honglvt/TalentRAT
SMS CALL CONTACT
GPS
CAMERA AUDIO
sms call
storage
camera, etc
storage, camera
audio, etc
Rogue RAT
Camera, Audio
Storage, GPS
Keylog, etc
LodaRAT
Camera, Microphone, Phone
Storage, GPS
Install, Account Credentials, etc
Rafel RAT https://github.com/swagkarna/Rafel-Rat
GPS, Storage
Camera, Audio, Phone
Look for our upcoming Android Hacking training where we will deploy some of these RAT's and develop our own.