1. Home
  2. Software
  3. AndroRAT

AndroRAT

AndroRAT is an open-source remote access tool for Android devices. AndroRAT is capable of collecting data, such as device location, call logs, etc., and is capable of executing actions, such as sending SMS messages and taking pictures.[1][2][3] It is originally available through the The404Hacking Github repository.[2]

ID: S0292
Type: MALWARE
Platforms: Android
Version: 1.1
Created: 25 October 2017
Last Modified: 16 April 2024
Version Permalink
Mobile Layer
download view

Techniques Used

Domain ID Name Use
Mobile T1429 Audio Capture

AndroRAT gathers audio from the microphone.[1][4]

Mobile T1616 Call Control

AndroRAT can make phone calls.[4]

Mobile T1430 Location Tracking

AndroRAT tracks the device location.[1]
Mobile T1655 .001 Masquerading: Match Legitimate Name or Location

AndroRAT masquerades as legitimate applications.[4][5]

Mobile T1636 .002 Protected User Data: Call Log

AndroRAT collects call logs.[1][4]

.003 Protected User Data: Contact List

AndroRAT collects contact list information.[1][4]

.004 Protected User Data: SMS Messages

AndroRAT captures SMS messages.[1][4]

Mobile T1582 SMS Control

AndroRAT can send SMS messages.[4]

Mobile T1422 System Network Configuration Discovery

AndroRAT collects the device’s location through GPS or through network settings.[4]

Mobile T1512 Video Capture

AndroRAT can take photos and videos using the device cameras.[4]

References

  1. Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.
  2. The404Hacking. (n.d.). AndroRAT. Retrieved April 8, 2024.
  3. Dela Paz, R. (2016, October 21). BITTER: a targeted attack against Pakistan. Retrieved June 1, 2022.
  1. Dela Paz, R. (2016, October 21). BITTER: a targeted attack against Pakistan. Retrieved March 1, 2024.
  2. BlackBerry Research and Insights Team. (n.d.). Mobile Malware and APT Espionage. Retrieved March 1, 2024.