Man
The term RAT (Remote Access Tool) is commonly used to refer to remote administration utilities. They can be used legitimately, for their intended purpose, like the popular TeamViewer, or they can be installed by hackers without the user's knowledge.
In such cases, RAT is often expanded as Remote Access Trojan, and the literal meaning of the English word "rat" comes in handy here.
How to Create a RAT for Android
AhMyth RAT (Remote Access Trojan) is an open-source application, currently in beta. The tool is aimed at Windows users, but AhMyth sources for Unix-like platforms can be downloaded from GitHub.
Please note that distributing viruses and malware is illegal and entails criminal liability. All information is provided for informational purposes only. Neither the editors of the www.spy-soft.net website nor the author of the program encourage the use of the acquired knowledge for practical purposes and are not responsible for any possible harm caused by the material of the article.
The RAT creation program for Android AhMyth consists of two components:
- A server application that can be used to control an infected device and create APK files with malicious code. It is built on the Electron framework, a framework developed on the GitHub platform for creating simple graphical applications.
- A client APK containing malicious code that allows remote access to an infected Android device. That is, the created APK file will act as a backdoor.
Installing AhMyth RAT
The server part is very easy to install, especially since the author of the RAT constructor has made the binaries freely available. But if you want, you can compile it from the source code. In my case, the tests were conducted on a computer with Windows 10.
To operate the utility, you need a Java virtual machine installed on your computer. You can download it from the official Java website. After that, you need to download the binaries of AhMyth itself. You can find them in the official project repository on GitHub, in the Assets tab. During the download, I recommend turning off the antivirus so that it does not have a fit over what is happening.
Creating an Infected APK
To create an APK file for Android, open the APK Builder tab. The appearance of the builder for creating RAT for Android is shown below:
Using the AhMyth RAT constructor is very easy. In the Source IP field, you need to enter the IP address of the attacking machine (this address is then easily determined during forensic analysis of the malware). In the Source Port field, you can specify the port that the machine will reserve for listening for connections. By default, port 42474 is used.
There is also a Bind With Another Apk option that allows you to bind an APK file with another app.
To do this, you need to check the Bind With Another Apk box, select the required APK and specify the method of integrating the malware into the phone. There are two methods: when running an infected APK or when rebooting the phone after installing the RAT. The authors of the program recommend the second option.
All that remains is to click the Build button - by default, the infected file is saved to the folder:
Code:
C:\Users\<Your_Username>\AhMyth\Output
Distribution of RAT for Android
How malware built this way is distributed is a separate topic for discussion. I will only note that programs infected with RAT are regularly found in Google Play and are just as regularly removed from there, which does not prevent malware from appearing in this catalog again. In addition, social engineering methods have not gone away. But keep in mind that to activate the RAT after the application is installed, the application must be launched or the infected device rebooted (depending on the builder settings).
Success also requires that the "Install only from trusted sources" option be disabled in the target device's settings.
Connecting to an infected device
Now you need to go to the Victims tab and enter the same port in the field that we specified earlier, so that the server waits for connections from infected devices. Again, if you did not change anything when assembling the APK, then you do not need to specify anything here either.
Click on Listen, and if our APK has successfully infected the mobile device, we will see a new connection.
Available Devices in AhMyth.
The program also logs all actions in the console located at the bottom of the window. The meaning of the log columns is generally obvious.
- Country — the country in which the infected device is operating.
- Manuf is the company that manufactures the device.
- Model — the code or name of the device model.
- Release — the version of the operating system of the infected device (in my case it is Android 10).
- IP is the IP address of the device, and Port is the port through which the infected device connected to the attacking machine.
Now it's time to move on to active actions - to do this, boldly click on the Open The Lab button.
Using RAT AhMyth
We will be presented with a menu of seven items, which provides access to various functions of the program.
Camera
First, let's look at the Camera section. Select a camera (Front or Back) and you can take a photo by pressing the Snap button. However, for some reason I couldn't take a proper photo, although all my cameras on the device were successfully initialized.
File manager
The file manager here is not as advanced as in other RATs for Android and Windows, but it is still a very useful thing. With its help, you can at least download the files we need from the infected device. As you can see, the initial directory is the root directory, which can only be accessed with administrator rights.
Microphone
This function allows you to use the device's microphone in the background and record everything that the phone "hears" during the specified time (in the Seconds field, you need to specify the recording duration in seconds). Then click Record and wait. The resulting file can be listened to directly in the program window or saved to your machine.
Geoposition
In my opinion, this is the most interesting feature of AhMyth. If the infected device has geodata transmission enabled, you will be able to find out the geolocation of a person with an accuracy of ten meters. It is known that inexperienced users very rarely remember this setting and leave it enabled. Plus, some applications (maps, for example) that use geodata transmission will eventually force a person to enable this function.
Contacts
With this function you can extract the entire list of contacts that are recorded in the phone. It is possible to download the entire list of contacts to your machine.
SMS
Another very interesting section. With its help you can send someone an SMS or view and download all messages that came to this device.
To send an SMS, go to the Send SMS tab, enter the recipient's phone number (TO:// field), and enter the desired message text in the Message field. After that, all that remains is to click the SEND button.
This feature can be used to reset the passwords of the accounts of the owner of the infected device, for example, to hack VKontakte or Instagram.
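For defenders, the functions listed under "Using RAT AhMyth" and the builder's start-after-reboot option translate into a recognisable permission profile in an app's manifest. The following is an added example, not part of the original post or of the AhMyth project: it triages a decoded AndroidManifest.xml (for instance the one apktool writes out), and the permission mapping, the threshold and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
BOOT_PERMISSION = "android.permission.RECEIVE_BOOT_COMPLETED"
# Assumed mapping: Lab function named in the post -> permissions it would need.
FEATURE_PERMISSIONS = {
    "Camera": {"android.permission.CAMERA"},
    "File manager": {"android.permission.READ_EXTERNAL_STORAGE"},
    "Microphone": {"android.permission.RECORD_AUDIO"},
    "Geoposition": {"android.permission.ACCESS_FINE_LOCATION"},
    "Contacts": {"android.permission.READ_CONTACTS"},
    "SMS": {"android.permission.READ_SMS", "android.permission.SEND_SMS"},
}


def triage_manifest(manifest_xml, threshold=4):
    """Report which surveillance features a decoded manifest could support."""
    root = ET.fromstring(manifest_xml)
    declared = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    features = sorted(f for f, p in FEATURE_PERMISSIONS.items() if p <= declared)
    # Start-after-reboot needs the permission plus a receiver for BOOT_COMPLETED.
    boot_receivers = [
        rc.get(ANDROID_NS + "name")
        for rc in root.iter("receiver")
        if any(a.get(ANDROID_NS + "name") == BOOT_ACTION for a in rc.iter("action"))
    ]
    boot_start = BOOT_PERMISSION in declared and bool(boot_receivers)
    return {
        "features": features,
        "boot_start": boot_start,
        "boot_receivers": boot_receivers,
        # threshold is an assumed cut-off; tune it against your own app inventory
        "suspicious": len(features) >= threshold and boot_start,
    }


# Constructed samples (not taken from any real APK).
_NS_DECL = 'xmlns:android="http://schemas.android.com/apk/res/android"'
def _manifest(perms, body=""):
    tags = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return f"<manifest {_NS_DECL}>{tags}<application>{body}</application></manifest>"

_RECEIVER = ('<receiver android:name=".BootReceiver"><intent-filter>'
             f'<action android:name="{BOOT_ACTION}"/></intent-filter></receiver>')
_ALL = sorted(set().union(*FEATURE_PERMISSIONS.values()) | {BOOT_PERMISSION})
SAMPLE_BOUND = _manifest(_ALL, _RECEIVER)
SAMPLE_CLEAN = _manifest(["android.permission.CAMERA"])
```

A hit is a reason to look closer at the app, not a verdict: legitimate messaging or backup apps can request a similar set, so compare the result with what the app claims to do.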