AndroRAT is a Remote Access Tool/Trojan (RAT) that targets Android devices. The malware is most commonly installed via seemingly legitimate apps that have actually been infected with the Trojan. Once downloaded to the device, the malware can access phone call logs, spy on the victim’s calls, access the camera, capture messages, steal credentials for services accessed by the device, steal the victim’s files and documents, and geo-locate the device. Due to the widespread availability of the malware, victims are no more likely to be targeted by this malware based on geographic location.



  • November 2012: AndroRAT was created and published as an open-source tool. (Symantec)
  • February 2016: AndroRAT was reportedly the second-most prevalent mobile malware in December 2015. (InfoSecurity)
  • January 2017: Surge in AndroRAT infections suggest the distribution method may have improved. (MalwareBytes)
  • February 2018: New variant can inject root exploits to perform malicious attacks. (TrendMicro)

Technical Details

  • Symantec provides more details on AndroRAT here.

Interface used to inject AndroRAT in to an app. Image Source: Mack Hacker