AhMyth is a powerful open-source remote administration tool that can be used to access informational data from an android device. Through it, an attacker can access critical information such as the current geographical location of the device being attacked. In advanced use cases it can be used to hack the victim’s microphone and launch recordings, get camera snapshots and also read personal messages on the attacked device.
This tool is designed with a GUI interface which makes AhMyth one of the easiest RATs to use. With this tool, you can easily log in and gain direct control to an android device.
AhMyth is designed solely for educational purposes. I am not in any way reponsible for any damage or
harm to any devices, you use this at your own risk, I also DO NOT OWN THIS PROJECT, I have just
contributed to it, this Android RAT application belongs to its creator AhMyth, his github
can be found here in the link below.
- https://github.com/AhMyth
As a remote administration tool, AhMyth has two parts which enable it to effectively perform its functions.
-
The server-side which acts like a desktop application that is built on an electron framework, which is used by the attacker as the control panel through which connections are made to the AhMyth software that is installed on the victim’s Android device.
-
The client-side of AhMyth works as the android application and can be used as a backdoor.
For this tool to be used to carry an attack, the client-side must be installed on the targeted
Android device. Installations can be achieved by sending the target a link that contains the
malicious software. Upon successful installation and launch by the victim, the attacker will
be able to have a view of the victim’s device from the tool’s target menu. After this, the
attacker simply selects a favorable port from which an attack can be launched and begins
to listen on the targeted Android device.
When deployed on a target device this tool can be used to access personal information such as
the victim’s passwords and call logs. The attacker can also gain access to the victim’s browser
cookies and know the web pages that have been visited using the device. Apart from allowing an
attacker to view the victim’s personal messages, AhMyth can also enable messages to be sent from
the victim’s Android device to another phone without the consent of the victim.
Installation Instructions can be found in the INSTRUCTIONS.md
Join the development and upgrading of AhMyth at AhMyth RAT Development
- File Manager – allows the attacker to view contents in the target device including the firmware.
- Remote access to Mic and Camera.
- Access to Call Logs.
- SMS access – allows the attacker to read and send messages from the target device.
- Device GPS Location – enables the attacker to know the geographical location of the victim.
- Backdooring original applications, also referred to as "Binding"
- Supports Linux & OS X
- Custom Permissions selection - Allows user to select specific permissions using the checkboxes on the Interface, ticking none, or all of the boxes, will generate a payload with all default permissions
- APK auto-hides itself upon installation
- Android Permission are automatically granted upon installation
- L.A.P (Launcher Activity Persistence)
