Skip to content

S0292 AndroRAT

AndroRAT is an open-source remote access tool for Android devices. AndroRAT is capable of collecting data, such as device location, call logs, etc., and is capable of executing actions, such as sending SMS messages and taking pictures.231 It is originally available through the The404Hacking Github repository.3

Item Value
ID S0292
Associated Names
Type MALWARE
Version 1.1
Created 25 October 2017
Last Modified 17 November 2024
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1429 Audio Capture AndroRAT gathers audio from the microphone.24
mobile T1616 Call Control AndroRAT can make phone calls.4
mobile T1430 Location Tracking AndroRAT tracks the device location.2
mobile T1655 Masquerading -
mobile T1655.001 Match Legitimate Name or Location AndroRAT masquerades as legitimate applications.45
mobile T1636 Protected User Data -
mobile T1636.002 Call Log AndroRAT collects call logs.24
mobile T1636.003 Contact List AndroRAT collects contact list information.24
mobile T1636.004 SMS Messages AndroRAT captures SMS messages.24
mobile T1582 SMS Control AndroRAT can send SMS messages.4
mobile T1422 System Network Configuration Discovery AndroRAT collects the device’s location through GPS or through network settings.4
mobile T1512 Video Capture AndroRAT can take photos and videos using the device cameras.4

References

  1. Dela Paz, R. (2016, October 21). BITTER: a targeted attack against Pakistan. Retrieved June 1, 2022. 

  2. Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016. 

  3. The404Hacking. (n.d.). AndroRAT. Retrieved November 17, 2024. 

  4. Dela Paz, R. (2016, October 21). BITTER: a targeted attack against Pakistan. Retrieved March 1, 2024. 

  5. BlackBerry Research and Insights Team. (n.d.). Mobile Malware and APT Espionage. Retrieved March 1, 2024.