top of page
Search
  • Writer's pictureotw

Android Hacking, Part 4: A Compendium of Android Remote Administration Trojans (RATS)

Updated: Dec 28, 2022

Welcome back, my aspiring cyberwarriors!


In light of the recent revelations regarding Israel's NSO group and their cellphone malware known as Pegasus, I thought it would be good time to catalog some of the better-known Remote Access Trojans (RATs) available for the Android OS. This is not meant as an exhaustive list, but simply a list of some of the better known RATS. If you know of others not on this list, please email me at occupytheweb@protonmail.com.





I have tried to compile a list with each RATS name, source-code location (if open source) and key features.


Cerberus Banking



Cerberus is a banking RAT targeting the Android OS. First spotted in June 2019. It was embedded in Google Play apps. Developers tried to auction source code for $100,000 but when that failed, they released it for free to public. Developers claim that it uses no code from previous RATS making it harder to detect with AV.


  • Bots

  • Bank and CC Logs information

  • Mail logs

  • SMS, Call (+Forward), Contact, GPS, Audio

  • Monitoring all activity / logs

  • Push to turnoff Play Protected (Disable)

  • Download, Install, Remove Apps

  • Lock device

Pegasus


Developed by the Israeli cyberarms company, NSO group, and sold to government's around the world, Pegasus is among the most expensive and effective mobile spyware. Available for both the IPhone and Android, Pegasus enables a jailbreak on the device. It has been effectively used by the UAE to spy on Ahmed Mansoor in 2016, the Mexican drug cartels to spy on Mexican journalists, and Saudi Arabia to spy on Jamal Khashoggi, the Washington Post journalist, before killing and dismembering him in the Saudi embassy in Turkey.

  • Storage, Microphone, Location

  • Screenshot

  • Calendar

  • Instant Messaging

  • Contact & Call & SMS & Mail

  • Browser History

  • Device Setting

  • Skype

  • Telegram

  • Whatsapp


DroidJack


Available at https://droidjack.net/



  • Camera, Microphone, Location

  • Storage

  • SMS, CALL, Contact

  • Whatsapp Reader

  • Browser History

  • App Manager


AndroRAT



SpyNote



  • Bind app, Storage, Location

  • SMS, Call, Call logs, Contact, Camera

  • Listen live conversation through mic, record mic sound live.

  • Check browser history.

  • Check installed apps.

  • Get phone’s information (IMEI, WIFI MAC, PHONE CARRIER).

  • Fun Panel (Show messages, shake the phone etc)


  • Camera, Mircophone,

  • Storage, Location

  • Message, Call, Call logs, Contact


  • execute command

  • process lost

  • camera snap, stream, list, microphone

  • Add and remove app

  • Camera, Microphone, Storage

  • Call & SMS

  • Remote Device Controller


UnknownRAT



  • Storage access

  • Android Tools such, take photo, screenshot etc

  • Record audio


android_trojan / Android Trojan https://github.com/androidtrojan1/android_trojan

  • shell command, browser history, microphone, location, storage

  • add and remove app

  • call log, contact,sms dump,


OmniRAT

  • Fully Remote Access

  • File Manager, add and remove apps

  • App Widgets

  • Full System Information

  • Call & SMS


Android Voyage

  • Remote Android Screen

  • Screenshot, keylog, traffic monitor

  • Make as system application

  • Lock unlock, hide unhide app

  • Remove android password

  • Message Access

  • Bricks the device, Anti Antivirus

  • Self Destructive Mode

  • Password Grabbers

NetWire

  • camera

  • audio

  • keylogger

  • storage

  • download upload

  • location

  • etc

  • Contact

  • System

  • App

  • Storage

  • Call

  • Message

  • Shell

LokiDroid

  • SMS, Call, Call logs, Contact, Toast, Browser

  • Storage, Location, Microphone, Camera

  • Phone's Hardware and Software details

  • Sim details

  • Internet details and IP

  • offline commands for bots

  • Multiple commands for multiple bots

  • http RAT ( not required port forwarding)


KevDroid

  • Installed applications

  • Phone number

  • Phone Unique ID

  • Location (the application tries to switch on the GPS, 10s capture location)

  • Contact, SMS, Call logs, Call, Mails

  • Storage, Microphone


columbus-trojan https://github.com/project-columbus/trojan (cute trojan)

  • Image (front-facing camera)

  • 10-second sound clip (microphone)

  • Location (mobile triangulation)


GhostCtrl

  • Admin

  • Voice record

  • Message

  • Location


  • Text to speech for Android to say stuff out loud

  • webcam snapshots (front cam & back cam)

  • GPS tracker !


TeleRAT and IIRAT (Telegram BOT)

  • Clipboard

  • App list

  • SMS, Contact

  • Storage, Microphone, Camera

  • Control Admin Screen, Vibrate


Hidden Cobra

  • Proxy

  • Contact

  • SMS

  • Payload


  • SMS, Call, Call logs,

  • Opening web pages

  • Uploading images and video

  • Opening an application

  • Performing denial-of-service attacks

  • Changing the command and control server


  • Similar with dendroid

  • Actually Botnet by dendroid

  • SMS

  • Camera, Storage, Microphone

  • Browser open page


Joanap

  • Mic

  • botnet

  • steal log


SHConnect

  • Camera

  • Location

  • Storage


HighRise

  • Incoming outgoing SMS


  • Get messages

  • Screenshot Functionality

  • Camera Access

  • Add Google form for passwords


Triout Framework

  • Record phonecall, save it, send it to C&C

  • SMS Logs

  • Call Logs

  • Steal Images or Video, Camera Access

  • Hide


Cerberusapp

  • Storage

  • Location

  • Camera

  • Admin

  • not deletable

  • more


  • Real-time command execution

  • Schedule commands

  • Hidden app icon (stealth mode)

  • SMS, Call, Call logs, Contact

  • etc

  • Contact, Call logs, SMS

  • Logs

  • Location, Storage

  • Etc


  • Notification Listener (Facebook, whatsapp, email, instagram etc)

  • Call Logs

  • Contact

  • SMS

  • Etc

  • Camera

  • Location

  • Storage

  • Etc


FinSpy

  • Storage

  • Phone information

  • Call SMS MMS

  • Contact

  • GPS Location

  • VOIP record such Skype, WeChat, Viber, LINE etc


Monokle

  • GPS location

  • Audio record, call record

  • Screen recording

  • Keylogger and fingerprint-device duplicate

  • History browser and Call log, SMS Email logs, create a Call and SMS

  • Contact and calendar

  • Shell as root (rooted/rootable)


Joker (infect many apps in playstore)

  • SMS CALL CONTACT

  • Storage

  • Manipulating subscription (money)


  • similar "Adroid Spy App"

  • Call, SMS, Contact, Phone Information

  • Camera, Audio, Location, Storage

  • Account Detail

  • Lock, Vibrate, Flash

  • Owner Access (Boot)

  • Inject, Install / Remove Apps

  • Logs and Keylog (messenger, socialmedia)


Strandhogg

  • Hijack Session, apps log

  • Almost all permission


  • Command

  • SMS Contact Call

  • Storage


  • Camera

  • SMS Contact Call

  • Storage

  • Install, Inject


GravityRAT

  • SMS Contact Call

  • Storage

  • exfiltrate


BlueEagle jRAT

  • similar "jRAT"

  • Call, SMS, Contact, Phone Information

  • Camera, Audio, Location, Storage

  • Account Detail

  • Owner Access (Boot)

  • Block google protect


  • SMS CALL CONTACT

  • GPS

  • CAMERA AUDIO


  • sms call

  • storage

  • camera, etc


  • storage, camera

  • audio, etc


Rogue RAT

  • Camera, Audio

  • Storage, GPS

  • Keylog, etc


LodaRAT

  • Camera, Microphone, Phone

  • Storage, GPS

  • Install, Account Credentials, etc


  • GPS, Storage

  • Camera, Audio, Phone


Look for our upcoming Android Hacking training where we will deploy some of these RAT's and develop our own.

17,335 views3 comments

Recent Posts

See All

3 Comments


astriddavina54
astriddavina54
Jan 02, 2023

i know of a very good hacker that can help you with any type of hacking, either phones or computers. My husband was so smooth at hiding his infidelity so I had no proof for months, I was referred to some hacker and decided to give him a try.. the result was incredible because all my cheating husband’s text messages, emails , facebook and even phone conversations was wired directly to my cellphone. Computerguru helped me put a round-the-clock monitoring on him and I got concrete evidence of his escapades..if you think your spouse is an expert at hiding his cheating adventure, you can contact them too at HENRYCLARKETHICALHACKER@GMAIL.COM on whatsapp12622367526.


Like

Hire a professional cell Phone Hacker who has the skills that can grant you remotely access to your spouse cell phone and grant access to cheating spouse cell phone information on their cell phone. He can also use he skills to spy on other people’s cell phones device. It is also known as a cell phone spy who are capable to provide you all you require to infiltrate any type of smartphone and iPhone. I was able to got access to partner iPhone, the job was prefect to the extended he didn’t knowing anything about it, was so prefect you can conatct him via kelvinethicalhacker @ gmail. com. reach to him to help spy on your cheating spouse...

Like

Hey everyone , I don’t really know much about this hacking things but I can direct you to a professional hacking company who helped me to track and hack my boyfriend’s iPhone and his Facebook respectively.. If you need to check on your partner’s sincerity, employee’s honesty, recover your email passwords, Social networks (i.e Facebook, Twitter, IG), change your school grades, clear your criminal records, gain access to bank accounts,spy on phone. you can just contact them at … Their charges are minimal and negotiable contact them at Henryclarkethicalhacker @ gmail, com]..tell him you are from me or text him or whatsapp +1 8 1 3 4 2 1 1 3 2 6…. You can thank me later.


Like
bottom of page