The AndroRAT (Remote Access Trojan) is a threat that first emerged over eight years ago. Since then, the AndroRAT has received several updates. The first iteration of the AndroRAT was rather basic, but over the years, this threat was weaponized and developed further by cyber crooks. Thanks to the updates released, the AndroRAT is compatible even with the newest versions of Android.
The AndroRAT was first developed for educational purposes and was not meant to be used as a hacking tool. However, just like with countless other tools released for educational purposes, the AndroRAT was hijacked by cybercriminals shortly after its release. The code of the AndroRAT was first published on GitHub, and it was a part of a university project. Ever since the AndroRAT was hijacked, it has become one of the most well-known threats that target Android devices.
The AndroRAT has two modules - one that is meant to be installed on the victim's device, and the other one that is running on the Command and Control server. The attackers can use the latter to control the corrupted implant on the compromised Android phone or tablet. To gain persistence on the Android device, the AndroRAT will alter some of the settings of the system. The AndroRAT receives commands from its operators via phone call or text message. The AndroRAT is a rather feature-rich hacking tool since it can:
- Launch a URL.
- Monitor the call logs of the user.
- Collect the call logs.
- Collect contact details.
- Collect text messages.
- Monitor the incoming text messages.
- Launch a video stream.
- Use the camera to record video.
- Use the microphone to record audio.
- Activate silent mode.
- Monitor GPS activity to locate the user.
The AndroRAT is an ever-evolving project that is not likely to go away any time soon. This is why you should consider protecting your Android device with a modern anti-malware application.