More than 2 billion Android devices are active every month, and any of them can be attacked using remote management tools (commonly called RATs). AhMyth is one of these powerful tools: it can help outsiders monitor the location of the device, view text messages, take camera and screen snapshots, and even record with the microphone without the user's knowledge.
A remote management tool is a program that provides technical support for remote computers by allowing an administrator to log in directly and control the device. However, hackers quickly saw the potential of these tools and began to use them for malicious purposes. Advanced RATs are often used to remotely access and control various devices, but today we will focus on the most popular one: Android. AhMyth is an emerging, open source Android RAT that is still in the development stage and uses a simple GUI. In addition, AhMyth runs on multiple platforms, including Linux, Windows and macOS.
The RAT consists of two parts. The first is a server-side application based on the Electron framework, which acts as the control panel connected to the RAT. In our example it runs on our desktop or laptop, but it can be extended to a certain extent if needed. The second part is the client, which is the backdoored Android application.
There are two ways to download and install AhMyth: use the source code from GitHub directly, or use the binary files the project provides.
If you choose to start from the source code, then you need to check whether some dependencies are installed.
Java: used to generate the APK backdoor
Electron: used to launch the desktop application
electron-builder and electron-packager: used to build binaries for macOS, Windows and Linux
If these are already installed, then you are ready to continue. First use the following command to clone the code from GitHub.
Then go to the AhMyth-Android-Rat directory below.
cd AhMyth-Android-RAT/AhMyth-Server
Once you are in, start AhMyth with the following command.
This program is still in beta, so it is not yet fully stable and errors may occur during operation. If an error occurs, try running it again as root, as shown below.
sudo npm start --unsafe-perm
When you see the GUI start, it means it is already working.
The source code is one way to download it, but if you are lazy like me, there is an easier way – use binary files! This is a good choice when you are working on a Windows computer and do not want to mess with the command line. But please check if Java is updated on your computer.
Navigate to the AhMyth release page and download the binary. Currently, only Linux and Windows files are provided.
Download the correct file and install it; it then runs automatically.
Create an APK
Now that the program is up and running, it is time to build an Android application with a backdoor. At the top of the screen, select "APK Builder". The first thing to change is the "source IP", which is the IP address of the computer that will send and receive commands.
For testing purposes, I just use my local Wi-Fi network. However, if you wish to work outside the local network, you need to open a port on your computer to the Internet and use a public IP address.
AhMyth can build an APK in two different ways. It can create a standalone APK or be used to infect another application to remain hidden on the target device. To do the latter, select the box next to "Bind another application", then browse and select the APK you want to use. Today I will create a default standalone APK, but if a malicious user is deploying this APK, they are likely to bind it to another APK.
Once you have selected all the settings, click "Build" to start building the APK.
The created APK can be found in the "C:\Users\UserName\AhMyth\Output" directory.
You now have an APK available, and it can be downloaded to the target Android device for installation. All standard attack methods apply: any method that gets a user to download an APK. Social engineering often works best. For example, if you know this person, recommend an application to them and infect it.
If you have physical access to the phone, you can download and hide it in just a few seconds. If you choose this method, the easy way is to save the APK to Drive and send the link to the phone. On most phones, the download should only take a second or two.
If the APK cannot be installed on the Android phone, installation of apps from "unknown sources" may not be enabled in the settings. Open settings, then go to "Security" and check "Unknown Sources".
In the upper left corner of the AhMyth screen, select the "Victims" tab, and then change the port number to the port number you are using. You can also leave it blank. Next, click "Listen". Once this is done, some basic information of the monitored victim will appear on the screen.
Now that you have run the RAT on the target device, you can start remote management. Click the "Open Lab" button and a new pop-up window will appear. If you are familiar with other Android RATs such as Cerberus, you may be a little disappointed with some features. Still, it currently has very powerful functions, such as the "File Manager", which lets you see everything on the device; finding passwords, session cookies, photos and so on is not a problem.
Another function records audio through the "microphone". There is also a tracking function ("location"), so you can know not only what they said, but also where they said it. However, one thing to note is that it can be fooled by a simple GPS spoofing application.
Now you may have noticed that I skipped the "Camera" function. Possibly because of the old Android phone, this function did not work properly. In principle, it should allow you to send commands, take photos with the front or rear cameras, and send them back to you.
Generally speaking, no one can be protected from RAT attacks, but if you do not install Android applications from outside the Google Play store, your chances of being attacked will be relatively small. "Unknown sources" installation is disabled by default in Android, but if you allow it, it will greatly increase your risk, because you will no longer get security prompts. If you have a legitimate reason to download the APK from outside of Google Play, be sure to click "Allow this installation only", otherwise you may accidentally enable "Unknown Sources" permanently. Another way to protect yourself is not to take your phone to important meetings or wherever you don't want people to listen.
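The defensive check this advice implies, as an added example that is not part of the original article or the AhMyth project: it lists third-party apps that were not installed by Google Play and that request several of the permissions behind the capabilities described above. It assumes you have saved the output of `adb shell pm list packages -i -3` and `adb shell dumpsys package <package>` from the phone being reviewed; the permission set, the threshold and all sample data are constructed for illustration.

```python
import re

# Assumed mapping of the capabilities described above to Android permissions.
SURVEILLANCE = {"android.permission." + p for p in (
    "READ_SMS", "CAMERA", "RECORD_AUDIO", "ACCESS_FINE_LOCATION",
    "READ_EXTERNAL_STORAGE")}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

def parse_installers(pm_output):
    """Parse `adb shell pm list packages -i -3` into {package: installer}."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M))

def requested_permissions(dumpsys_output):
    """Read the 'requested permissions:' block of `dumpsys package <pkg>`."""
    perms, in_block = set(), False
    for line in dumpsys_output.splitlines():
        text = line.strip()
        if text == "requested permissions:":
            in_block = True
        elif in_block and text.endswith(":"):
            break  # next section header, e.g. "install permissions:"
        elif in_block and text:
            perms.add(text.split(":")[0])  # drop any ": flag=..." suffix
    return perms

def triage(installers, dumpsys_by_pkg, threshold=3):
    """Flag sideloaded apps requesting >= threshold surveillance permissions."""
    findings = []
    for pkg, installer in sorted(installers.items()):
        hits = requested_permissions(dumpsys_by_pkg.get(pkg, "")) & SURVEILLANCE
        if installer not in TRUSTED_INSTALLERS and len(hits) >= threshold:
            findings.append((pkg, installer, sorted(hits)))
    return findings

# Constructed sample data (not captured from a real device).
SAMPLE_PM = ("package:com.example.flashlight  installer=null\n"
             "package:com.example.notes  installer=com.android.vending\n"
             "package:com.example.game  installer=null\n")
SAMPLE_DUMPSYS = {
    "com.example.flashlight": ("    requested permissions:\n"
        "      android.permission.INTERNET\n      android.permission.READ_SMS\n"
        "      android.permission.CAMERA\n      android.permission.RECORD_AUDIO\n"
        "    install permissions:\n      android.permission.INTERNET: granted=true\n"),
    "com.example.game": "    requested permissions:\n      android.permission.INTERNET\n",
}

if __name__ == "__main__":
    print(triage(parse_installers(SAMPLE_PM), SAMPLE_DUMPSYS))
```

A flagged package is a lead for manual review, not proof of compromise: legitimate sideloaded apps can request the same permissions.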