Gaining full control over someone else's Android

Man

Man

Professional
Messages
3,077
Reaction score
614
Points
113
Today I will tell you how you can get full access to someone else's Android using RAT. What can you do with the victim's phone:
  • Take pictures from the camera (both from the front camera and from the front camera)
  • File manager (you can use it to steal passwords)
  • Listen to dialogues, you can specify how many seconds to turn on the microphone and it will record. After recording, you can immediately listen.
  • Geolocation of a person
  • Full list of contacts
  • View and send SMS
  • Call detailing

AhMyth is a new, promising, open source Android RAT that has a simple interface.
Additionally, AhMyth is available on Linux and Windows.

Step One: Download and Install AhMyth​

First, fly here - https://java.com/, you need to install java.
After that, go here - https://github.com/AhMyth/AhMyth-Android-RAT/releases and download the version for your system.

dc9d7724fa06d0872dff5.png


Currently only Linux and Windows are available.
Once you have downloaded the file you want, open it on your computer and it should begin installing. It will automatically open when it is installed. After that, we are ready to begin!

Step Two: Create an APK​

Now that we have a working program, it's time to create an Android application that the victim will install and through which we will take possession of their phone.
At the top of the screen, select APK Builder.

The first thing you need to change is the source IP. This should be the address of the computer from which you will be sending and receiving commands.
Click to expand...

For testing purposes I'll just use my local Wi-Fi network.
However, if you want it to work outside of your local network, you will need to point your computer to the internet and use your public IP address.
AhMyth can create APK in two different ways. It can create a standalone APK or an infectable APK to remain undetected on the target device.
To create a second one, check the box next to Bind With Another Apk, then browse and select the APK you want to use.
Today I'll create a normal standalone APK, but if attackers were telling you this instead of me, they would most likely bundle it with another APK.
Once you have selected all the settings and are ready to create the APK, simply click on the Build button.

59655fb7fb9800bbd5e1b.png


You can navigate to C:\Users\UserName\AhMyth\Output directory to find the built APK.
Click to expand...

Step three: RAT propagation.​

The most interesting part begins. Sending the application to everyone.
All methods are used, but social engineering usually works best. For example, if you know a person, recommend an app to them and tell them what they can get if they download it.

And then infect him.
Click to expand...

The most effective method today is direct access to the device, as it only takes a few seconds to download and hide the APK.
If you choose this method, the easy way to do it is to upload the APK to Google Drive and send the link to your phone. On most phones, the download should only take a second or two.
If your Android phone doesn't want to install it, then the option to install from unknown sources probably hasn't been enabled in the settings.

Open Settings, then go to Security and check Unknown sources. This allows you to install apps from places other than Google Play.
Click to expand...

Step Four: Start Listening​

In the top left corner of the AhMyth screen, select the Victims tab, then change the port number to the one you are using.
You can also leave it blank by default. Next, click on the Listen button. Once that's done and our rat is working properly, it should appear here along with some basic information.

0fdd9eba4e6ca574430d6.png


Step Five: Open the Lab​

Now that you have a working "rat" on your device, you can start remote administration. Click on the Open The Lab button, a new pop-up window should appear.
If you're familiar with other Android rats like Cerberus, then you might be a little disappointed by how few features are present here, but we'd like to remind you that this is still only in beta.
The features it currently has are actually quite powerful.
Let's take a look at some of them.
File Manager is really cool because it allows you to see everything on the device, down to the firmware. With it, you can reveal all sorts of sensitive information, be it passwords or session cookies.

6f7829f6bf15314fe7e3d.png


Another feature is the ability to record audio through the microphone. Since people take their phones with them everywhere they go, you essentially have endless listening.

a0ac31a26a052b856a9b9.png


There's also a Location tracking feature, so you can know not only what you said, but where.
Click to expand...

2320f8289ee9a2bccb77f.png


If you really enjoy wreaking havoc, you'll love this next feature: the ability to not only read, but also send messages.
An easy way to use this is to hack someone's VK by resetting their password with an SMS text and then using the code you received. You can use your imagination for all the things you can do by sending messages from the target's phone.

a41767b88ed2640cd0d8f.png


You may have noticed that I skipped the Camera feature.
I did this because I couldn't get it to work on my device, which may just be an issue with the old Android I was using for testing. Basically, it should let you send commands to take pictures from the front or back camera and have them sent back to you.

Android RAT Protection​

There aren't many ways to protect yourself from RATs in general, but there is one thing you can do.
Do not install Android apps that are not from the Google Play Store.
This doesn't mean that all Google Play apps are safe, but they are much safer than some random apps found on the internet. Because Google does scan them for malware to the best of its ability.
 
Man said:
Today I will tell you how you can get full access to someone else's Android using RAT. What can you do with the victim's phone:
  • Take pictures from the camera (both from the front camera and from the front camera)
  • File manager (you can use it to steal passwords)
  • Listen to dialogues, you can specify how many seconds to turn on the microphone and it will record. After recording, you can immediately listen.
  • Geolocation of a person
  • Full list of contacts
  • View and send SMS
  • Call detailing

AhMyth is a new, promising, open source Android RAT that has a simple interface.
Additionally, AhMyth is available on Linux and Windows.

Step One: Download and Install AhMyth​

First, fly here - https://java.com/, you need to install java.
After that, go here - https://github.com/AhMyth/AhMyth-Android-RAT/releases and download the version for your system.

dc9d7724fa06d0872dff5.png


Currently only Linux and Windows are available.
Once you have downloaded the file you want, open it on your computer and it should begin installing. It will automatically open when it is installed. After that, we are ready to begin!

Step Two: Create an APK​

Now that we have a working program, it's time to create an Android application that the victim will install and through which we will take possession of their phone.
At the top of the screen, select APK Builder.



For testing purposes I'll just use my local Wi-Fi network.
However, if you want it to work outside of your local network, you will need to point your computer to the internet and use your public IP address.
AhMyth can create APK in two different ways. It can create a standalone APK or an infectable APK to remain undetected on the target device.
To create a second one, check the box next to Bind With Another Apk, then browse and select the APK you want to use.
Today I'll create a normal standalone APK, but if attackers were telling you this instead of me, they would most likely bundle it with another APK.
Once you have selected all the settings and are ready to create the APK, simply click on the Build button.

59655fb7fb9800bbd5e1b.png




Step three: RAT propagation.​

The most interesting part begins. Sending the application to everyone.
All methods are used, but social engineering usually works best. For example, if you know a person, recommend an app to them and tell them what they can get if they download it.



The most effective method today is direct access to the device, as it only takes a few seconds to download and hide the APK.
If you choose this method, the easy way to do it is to upload the APK to Google Drive and send the link to your phone. On most phones, the download should only take a second or two.
If your Android phone doesn't want to install it, then the option to install from unknown sources probably hasn't been enabled in the settings.



Step Four: Start Listening​

In the top left corner of the AhMyth screen, select the Victims tab, then change the port number to the one you are using.
You can also leave it blank by default. Next, click on the Listen button. Once that's done and our rat is working properly, it should appear here along with some basic information.

0fdd9eba4e6ca574430d6.png


Step Five: Open the Lab​

Now that you have a working "rat" on your device, you can start remote administration. Click on the Open The Lab button, a new pop-up window should appear.
If you're familiar with other Android rats like Cerberus, then you might be a little disappointed by how few features are present here, but we'd like to remind you that this is still only in beta.
The features it currently has are actually quite powerful.
Let's take a look at some of them.
File Manager is really cool because it allows you to see everything on the device, down to the firmware. With it, you can reveal all sorts of sensitive information, be it passwords or session cookies.

6f7829f6bf15314fe7e3d.png


Another feature is the ability to record audio through the microphone. Since people take their phones with them everywhere they go, you essentially have endless listening.

a0ac31a26a052b856a9b9.png




2320f8289ee9a2bccb77f.png


If you really enjoy wreaking havoc, you'll love this next feature: the ability to not only read, but also send messages.
An easy way to use this is to hack someone's VK by resetting their password with an SMS text and then using the code you received. You can use your imagination for all the things you can do by sending messages from the target's phone.

a41767b88ed2640cd0d8f.png


You may have noticed that I skipped the Camera feature.
I did this because I couldn't get it to work on my device, which may just be an issue with the old Android I was using for testing. Basically, it should let you send commands to take pictures from the front or back camera and have them sent back to you.

Android RAT Protection​

There aren't many ways to protect yourself from RATs in general, but there is one thing you can do.
Do not install Android apps that are not from the Google Play Store.
This doesn't mean that all Google Play apps are safe, but they are much safer than some random apps found on the internet. Because Google does scan them for malware to the best of its ability.
Click to expand...
Hey brotha seem like you know your way around most tools do you know or do anyone or do you have any exploits
basically It’s how you can mask viruses from being detected like sending a virus but as pdf app so it looks legit but the virus is in the application if you get what I’m saying
 
You must log in or register to reply here.

Similar threads

Man
How to Create a RAT for Android
Replies
0
Views
247
Man
Man
chushpan
How I wrote an exploit for a Telegram bug and what happened next
Replies
0
Views
106
chushpan
chushpan
chushpan
How to hack an Android smartphone via a .PDF file
Replies
0
Views
270
chushpan
chushpan
Man
Big Android Security Hole: Why Are Smartphones With The Green Robot So Prone To Theft?
Replies
0
Views
112
Man
Man
chushpan
🐶 New Telegram Evil-Dropper Vulnerability | CVE 2025-1450 | Full Details and POC
Replies
0
Views
157
chushpan
chushpan
Back
Top