Step 1: locate the application to infect
Step 2: download the application locally
Step 3: Weaponize it with AndroRAT
Configure the backdoor to connect to a specific IP address & port via the Binder application.
The Binder decompiles the original Android APK, binds the malicious code, and then repackages it.
The backdoored APK is ready to be delivered to victims. It can be uploaded on alternative markets, spammed out in messages etc.
The Control Panel lists the currently connected clients. Devices show up as they get online.
First device connected - basic information such as location and SIM issuing operator available.
Another infected device shows up in the Control Panel
The attacker can individually control each infected client by simply selecting it from the list.
The Control Panel allows the hacker to access local files, such as images or documents...
...and download them via the Internet.
The hacker can also access the contact list remotely. Synchronized accounts also show contacts' e-mail addresses & pictures.
A number of options, such as calling and texting the contact list are also built in.
AndroRAT also allows access to the call and SMS history, with an option to filter by date or phone number.
The infected phone can be geolocated via GPS or via the Wi-Fi networks in proximity...
...or have the microphone turned on without user interaction.
An attacker could also send text messages or call contacts / premium rate numbers.
Real-time call and SMS monitoring is also possible.
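
Added example (not part of the original slides): because the Binder repackages an existing APK, a defender can diff the manifest of a suspect build against the vendor's original and flag newly requested permissions that match the capabilities shown above. The permission-to-capability mapping, the package names and both sample manifests are assumptions constructed for illustration, and the manifests are assumed to be already decoded to text XML (for example with apktool).

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from Android permissions to the capabilities in the captions.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.READ_SMS": "SMS history",
    "android.permission.RECEIVE_SMS": "real-time SMS monitoring",
    "android.permission.SEND_SMS": "sending text messages",
    "android.permission.CALL_PHONE": "placing calls",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.RECORD_AUDIO": "microphone",
}

def manifest_info(xml_text):
    """Return (permissions, services/receivers) declared in a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    comps = {(e.tag, e.get(NS + "name"))
             for tag in ("service", "receiver") for e in root.iter(tag)}
    return perms - {None}, comps

def repackaging_indicators(original_xml, candidate_xml):
    """Diff a candidate build against the vendor's original manifest."""
    orig_perms, orig_comps = manifest_info(original_xml)
    cand_perms, cand_comps = manifest_info(candidate_xml)
    added = cand_perms - orig_perms
    return {
        "added_permissions": sorted(added),
        "capabilities": sorted(SENSITIVE[p] for p in added if p in SENSITIVE),
        "added_components": sorted(cand_comps - orig_comps),
    }

# Constructed sample manifests (not taken from any real application).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">'
ORIGINAL = HEAD + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""
CANDIDATE = HEAD + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application><activity android:name=".MainActivity"/>
    <service android:name="com.example.injected.SyncService"/>
    <receiver android:name="com.example.injected.BootReceiver"/></application>
</manifest>"""
```

Calling repackaging_indicators(ORIGINAL, CANDIDATE) returns the permissions, matched capabilities and background components that appear only in the candidate build.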