This repository contains a list of known Android Remote Access Trojans (RATs) (both free and paid) (and Dataset) along with their key features and required permissions. This information is intended solely for documentation and research purposes.
If you are looking for port forwarding without buying a VPN or changing your router settings, you can use Ngrok
The following resource provides further archived information: https://www.vx-underground.org/archive.html#builders
DO NOT download or install these projects unless you fully understand the risks. There is a high risk of being infected by the Trojan itself. Always exercise caution and recheck any executable files before installing them from an unknown source. (Remember: A Trojan inside a Trojan is possible!)
-
DroidJack [GUI]
- Camera, Microphone, Location
- Storage
- SMS, CALL, Contact
- Whatsapp Reader
- Browser History
- App Manager
-
AndroRAT https://github.com/DesignativeDave/androrat https://github.com/karma9874/AndroRAT https://github.com/The404Hacking/AndroRAT [GUI]
- Contact, Call logs, Call, SMS
- Location, Camera, Microphone
- Streaming video (for activity based client only)
- Do a toast, message
- Give call
- Open an URL in the default browser
- Do vibrate the phone
-
SpyNote [GUI]
- Bind app, Storage, Location
- SMS, Call, Call logs, Contact, Camera
- Listen live conversation through mic, record mic sound live.
- Check browser history.
- Check installed apps.
- Get phone’s information (IMEI, WIFI MAC, PHONE CARRIER).
- Fun Panel (Show messages, shake the phone etc)
-
AhMyth [GUI] https://github.com/AhMyth/AhMyth-Android-RAT
- Camera, Mircophone,
- Storage, Location
- Message, Call, Call logs, Contact
-
TheFatRAT https://github.com/Screetsec/TheFatRat
- execute command
- process lost
- camera snap, stream, list, microphone
-
BetterAndroRAT https://github.com/mwsrc/BetterAndroRAT
- Add and remove app
- Camera, Microphone, Storage
- Call & SMS
- Remote Device Controller
-
UnknownRAT [GUI]
- Storage access
- Android Tools such, take photo, screenshot etc
- Record audio
-
android_trojan / Android Trojan https://github.com/androidtrojan1/android_trojan
- shell command, browser history, microphone, location, storage
- add and remove app
- call log, contact,sms dump,
-
OmniRAT [GUI]
- Fully Remote Access
- File Manager, add and remove apps
- App Widgets
- Full System Information
- Call & SMS
-
Android Voyage
- Remote Android Screen
- Screenshot, keylog, traffic monitor
- Make as system application
- Lock unlock, hide unhide app
- Remove android password
- Message Access
- Bricks the device, Anti Antivirus
- Self Destructive Mode
- Password Grabbers
-
NetWire
- camera
- audio
- keylogger
- storage
- download upload
- location
- etc
-
rdroid https://github.com/m301/rdroid
- Contact
- System
- App
- Storage
- Call
- Message
- Shell
-
LokiDroid [GUI]
- SMS, Call, Call logs, Contact, Toast, Browser
- Storage, Location, Microphone, Camera
- Phone's Hardware and Software details
- Sim details
- Internet details and IP
- offline commands for bots
- Multiple commands for multiple bots
- http RAT ( not required port forwarding)
-
KevDroid
- Installed applications
- Phone number
- Phone Unique ID
- Location (the application tries to switch on the GPS, 10s capture location)
- Contact, SMS, Call logs, Call, Mails
- Storage, Microphone
-
columbus-trojan https://github.com/project-columbus/trojan (cute trojan)
- Image (front-facing camera)
- 10-second sound clip (microphone)
- Location (mobile triangulation)
-
GhostCtrl
- Admin
- Voice record
- Message
- Location
-
Pupy https://github.com/n1nj4sec/pupy
- Text to speech for Android to say stuff out loud
- webcam snapshots (front cam & back cam)
- GPS tracker !
-
TeleRAT and IIRAT (Telegram BOT)
- Clipboard
- App list
- SMS, Contact
- Storage, Microphone, Camera
- Control Admin Screen, Vibrate
-
Hidden Cobra
- Proxy
- Contact
- SMS
- Payload
-
Dendroid https://github.com/nyx0/Dendroid
- SMS, Call, Call logs,
- Opening web pages
- Uploading images and video
- Opening an application
- Performing denial-of-service attacks
- Changing the command and control server
-
Casperspy https://github.com/dhanumurti [GUI]
- Similar with dendroid
- Actually Botnet by dendroid
- SMS
- Camera, Storage, Microphone
- Browser open page
-
Joanap
- Mic
- botnet
- steal log
-
SHConnect
- Camera
- Location
- Storage
-
HighRise
- Incoming outgoing SMS
-
LaRAT https://github.com/c4wrd/LaRat
- Get messages
- Screenshot Functionality
- Camera Access
- Add Google form for passwords
-
Triout Framework
- Record phonecall, save it, send it to C&C
- SMS Logs
- Call Logs
- Steal Images or Video, Camera Access
- Hide
-
Cerberusapp
- Storage
- Location
- Camera
- Admin
- notdeleteable
- more
-
Pegasus (Sample https://github.com/9aylas/Pegasus-samples) (decompiled https://github.com/jonathandata1/pegasus_spyware)
- Storage, Microhpone, Location
- Screenshot
- Calender
- Instant Messaging
- Contact & Call & SMS & Mail
- Browser History
- Device Setting
-
Adobot https://github.com/adonespitogo/AdoBot
- Realtime command execution
- Schedule commands
- Hidden app icon (stealth mode)
- SMS, Call, Call logs, Contact
- etc
-
Adroid Spy App https://github.com/abhinavsuthar/Android_Spy_App
- Contact, Call logs, SMS
- Logs
- Location, Storage
- Etc
-
SpyApp Client https://github.com/ghazikr/SpyAppClient [GUI]
- Notification Listener (Facebook, whatsapp, email, instagram etc)
- Call Logs
- Contact
- SMS
- Etc
-
i-spy Android https://github.com/JohnReagan/i-spy-android
- Camera
- Location
- Storage
- Etc
-
FinSpy
- Storage
- Phone information
- Call Sms Mms
- Contact
- GPS Location
- Voip record such Skype, WeChat, Viber, LINE etc
-
Monokle
- GPS location
- Audio record, call record
- Screen recording
- Keylogger and fingerprint-device duplicate
- History browser and Call log, SMS Email logs, create a Call and SMS
- Contact and calender
- Shell as root (rooted/rootable)
-
Cerberus Banking [GUI]
- Bots
- Bank and CC Logs information
- Mail logs
- SMS, Call (+Forward), Contact, GPS, Audio
- Monitoring all activity / logs
- Push to turnoff Play Protected (Disable)
- Download, Install, Remove Apps
- Lock device
-
Joker (infect many apps in playstore)
- SMS CALL CONTACT
- Storage
- Manipulating subscription (money)
-
Hawkshaw https://github.com/saksham2410/Android-RAT---Hawkshaw
- similar "Adroid Spy App"
- Call, SMS, Contact, Phone Information
- Camera, Audio, Location, Storage
- Account Detail
- Lock, Vibrate, Flash
- Owner Access (Boot)
- Inject, Install / Remove Apps
- Logs and Keylog (messenger, socialmedia)
-
Strandhogg
- Hijack Session, apps log
- Almost all permission
-
TearDroid PHP https://github.com/ScRiPt1337/Teardroid-phprat
- Retrieve Contact
- Retrieve SMS
- Retrieve running Services
- Retrieve Device Location (😟 Only work when the app is open on newer devices)
- Retrieve Call Logs
- Run Shell Command ( use findphno command in run shell command to get device phone number and use findx:pdf to find all the pdf files on the device )
- Change Wallpaper
- Send SMS
- Make Call
- Get Installed Apps
- Download File
- Read Notification
-
AndroSpy https://github.com/qH0sT/AndroSpy
- Camera
- SMS Contact Call
- Storage
- Install, Inject
-
GravityRAT
- SMS Contact Call
- Storage
- exfiltrate
-
BlueEagle jRAT
- similar "jRAT"
- Call, SMS, Contact, Phone Information
- Camera, Audio, Location, Storage
- Account Detail
- Owner Access (Boot)
- Block google protect
-
TalentRAT https://github.com/honglvt/TalentRAT
- SMS CALL CONTACT
- GPS
- CAMERA AUDIO
-
WH-RAT https://github.com/wh-Cyberspace/WH-RAT [GUI] (Similar with SpyNote NjRAT)
- x soon
- etc
-
Mass RAT https://github.com/NYAN-x-CAT/Mass-RAT
- sms call
- storage
- camera, etc
-
HaxRAT https://github.com/Hax4us/haxRat
- storage, camera
- audio, etc
-
Rogue RAT
- Camera, Audio
- Storage, GPS
- Keylog, etc
-
LodaRAT
- Camera, Microphone, Phone
- Storage, GPS
- Install, Account Credentials, etc
-
Rafel RAT https://github.com/swagkarna/Rafel-Rat
- GPS, Storage
- Camera, Audio, Phone
- Ransomware ? (Syntax)
- Browserhistory (prefer to syntax)
-
StrongPity
- GPS, Storage
- Phone, Boot, Network Info
-
ERMAC
- SMS, CALL, CONTACT
- InstallApps, GetApps, Inject
-
Android Spyware https://github.com/CanciuCostin/android-spyware
- SMS, Call, Contact, Device Information
- InstallApps, GetApps, Inject
- Cam, Storage, Mic
- Adb command control
-
BRAT (Brazilian RAT)
- Install and remove apps, GetApps, Inject
- Factory Reset
- Admin Control
-
Nivistealer (web steal based - allow/permission interaction) https://github.com/swagkarna/Nivistealer
- IP, GPS, Device information
- Camera, steal clipboard
- set phishing site
-
DogeRAT
- Install and remove apps, GetApps, Inject
- Camera, SMS, Keylogger
- Admin Control etc
-
Dash [GUI] https://github.com/muneebwanee/Dash
- Camera
- Multiple Child clients
- Hidden app icon (stealth mode)
- Real-time location.
- Recording calls: incoming/outgoing.
- SMS: received/sent.
- Environment recording.
- Take pictures.
- Keylogger.
- Phishing social network.
- Notifications received: Whatsapp, Instagram, Messenger.
-
AIRAVAT https://github.com/Th30neAnd0nly/AIRAVAT https://github.com/GoutamHX/MAXXRAT
- Storage, Admin Permission, List App
- SMS, Call, Contact
- Camera, Audio, Screenshot
- Ransomware, Shell Command
-
IMG-RAT
- Storage, Camera, Audio
- SMS, Call, Contact
- Keylogger, Shell
-
Nexus
- Storage, Camera, Audio
- SMS, Call, Shell, Location, Keylogger
- Inject Banking, Crypto app
- 2FA app
-
Gigabud RAT
- Screen record, storage
- Install package
- Keylogger
-
TecSpy https://github.com/bmshifat/TecSpy
- SMS, Call, Contact, GPS, Storage
- Log notification, clipboard
- Admin adb command
-
MMRat
- Keylogger
- Screenrecord
- adb command
-
Chameleon
- Phishing, Keylogger
- Contact, SMS, Call, Storage
- Screen Capture, Overlay
- Proxy, Cookies Stealer
-
PounceKeys https://github.com/NullPounce/pounce-keys
- Hidden app icon (stealth mode)
- Keylogger
- Get phone’s information
- Log notification, clipboard
-
GoldDigger
- Keylogger
- Screen Capture, SMS
- Phishing
-
Hector / ISOON RAT
- Storage, SMS, Contact
- Log system multi platform
- adb control
-
Xenomorph, GODFather, PixPirate, Sova, Zanubis, BingoMod, TrickMo, BlankBot, Vultur, Octo2, Medusa (all banking trojan)
- Fully Control Device - Admin
- Storage, Adb
- SMS, App List, Phising etc
-
WuzenRAT https://github.com/wuzenrat/WuzenRat (Telegram BOT RAT)
- Sreen Mirroring
- Contact, SMS, CALL
- Camera, Storage, Location
- Notification
- Phishing
-
Fantasy Hub
- SMS, 2FA, Contact
- Camera, Mic Realtime
- Storage
- Permission runtime
