AhMyth is a powerful open-source Android remote administration tool with which you can access informational data from another device. An attacker with AhMyth Download can access critical information like the current geographical location of the device which is being attacked. In advanced use it is used to hack the microphone, launch recordings, get camera snapshots as well as read personal messages on the device attacked.
It is designed with a Graphical User Interface which makes it one of the easiest RATs to use. Moreover, with this, you can log in and get direct control to a device as an administrator quite easily.
About AhMyth – The Best Android RAT
It carries two parts with which it performs functions effectively. It has a server-side which acts like a desktop app that is built on an electron framework.
- Server-side: It is used by the attacker as a control panel through which the connections are made to its software which is installed on the victim’s device.
- Client-side: It works like an app and used as a backdoor. Pretty simple.
In the news: It has also been found to sneak its way onto the PlayStore disguised as other useful apps in the form of Spyware.
How AhMyth Works
To carry an attack using this, the client-side must be installed on the targeted device. Installations can be achieved by sending a target a link that carries malicious software. Once done and launched by the victim, the attacker shall be able to view the victim’s device from the tool’s target menu. After this, the attacker selects a favourable port from which an attack can be launched and begins to listen on the targeted device.
When it is deployed on a targeted device, it can be used to access personal information like:
- Call logs.
- Access browser cookies.
- Know web pages that have been visited using the device.
- View personal messages.
The tool also enables messages to be sent from the victim’s device to another one without his content.
AhMyth Useful Features
- File Manager: It allows the attacker to view the content of the target device including firmware.
- Remote access to Mic and Camera.
- Access to call logs and even messages.
- SMS Access: This allows the attacker to read and send messages from the target device.
- Device GPS Location: Enables the attacker to know the geographical location of the victim.
Compatibility Support
- Android
- Linux (Kali Linux and others).
- OS X.
- Windows
It requires different prerequisites to function properly, depending upon the method of installation you selected, you need to ensure that you have the following installed:
If you get source code from Github:
- Java (To generate APK backdoor).
- Electron (To start the desktop application).
- Electron-packer and electron-builder (To build binaries from Linux, windows as OS X).
If you use Binaries:
- Java (to generate APK backdoor).
- Binary from Github.
How to Install AhMyth Android RAT (Windows, Kali Linux)
Using the Official Source Code
As soon the requirements are installed, clone the repo from the GitHub
#git clone https://github.com/AhMyth/AhMyth-Android-RAT.git
Go to the following directory:
#cd AhMyth-Android-RAT/AhMyth-Server
After this start it with the following command:
#npm start
Use their Binary
This is an effective way to get installation without interfering with the command line. You need to get the required download file from its release page. Once downloaded, open it and allow it to install.
How to Use AhMyth Android RAT (The Easy Way)
Once you get it on your PC you need to build an android APK with a backdoor. To build a standalone APK you need to go to the “APK Builder” option there at the top of the screen, or you can also come up with an app by infecting another one; this is an effective way as it shall keep the app hidden all the times. Make sure that the “source IP” on the application matches with the IP address of a server-side computer.
Building the APK File
Now as the program is up and running, it is time to build an android app that backdoor. Select “APK Builder” from the top screen. First, change “Source IP”. This needs to be IP address of the system you shall be sending and receiving commands from.
For testing purpose, we shall use the local wife network. If you wish to work outside this then you require port-forward your system to the net and use the public IP address.
This can build APK in two ways:
- Create standalone APK.
- Used to infect another app to remain hidden on the target device.
For the latter, you need to select the box beside “bind with another APK”, browse and then select APK you want to use. Today we shall be creating a default standalone APK, but if a malicious user were deploying it in real, they would likely be building it with another APK.
Once all settings are selected you are ready to build APK, click on “Build”.
Go to “C:\Users\SecuredYou\AhMyth\Output” to find the build APK.
Replace (SecuredYou) with your computers name.
Must Try: njRAT Download for Windows and Android.
Setting it live
As you have a working APK, now let’s deploy it by downloading it on the target device. All of the standard attack methods apply – anything to get the user to download it. Social engineering works best. Like if you know the user, then suggest an application to them and infect.
Most effective method if you have physical access to your phone, it takes a few seconds to get it and hide it. If you select this, the easy way to do this is by saving APK to Google Drive and sending the device a link. On most devices, download shall take few seconds.
If the Android device does not want to install it, they never enabled “Unknown sources” in their settings. Open “settings”, go to “security” and click “unknown sources”. This is how the application can be installed.
Listen for any activity
On the top left of its screen, select the “victims” tab. Change the port number to the one you’re using. It can be left blank as well for default. Then click on “listen”. Once done and RAT is running properly on the victim then it shall appear here with some basic information.
Now RAT is up and running on the target device, start with remote access, click on the “open lab” button, the pop-up window shall appear. If you have familiarity with other Android RATs such as Cerberus then you might be disappointed with how few features it has, but we suggest that it is still in beta stages.
Check them out below:
- Browse Files: This is good as with this you can see everything on the device right down to firmware. You can also uncover all kinds of sensitive information from passwords to compromising photos.
- Mic Audio Recordings: As people take phones with where ever they go, you, in effect, have a bug, or listening device, on them at all times.
- Track location via GPS: To know where they are. It can be fooled by a simple GPS spoofer app. We used one on the device of a victim.
- Read SMS messages: Simple way to use this would be to hack someone’s Facebook by resetting their password with an SMS text, use the code which is sent. Use your own imagination for all things you can do by sending messages from your phone.
- Open camera without alerting: We were not able to get it working on our device which can be a problem with the old versions we were using for testing. In Principle, it allows you to take pictures with the front or rear camera and have them sent back to you.
Some troubleshooting tips: If you encounter the following error “AhMyth Building Failed” while making the APK, it means that there may be an Antivirus blocking the process. To fix this, you just need to disable all your security features, restart your PC and it will work now.
AhMyth Alternatives
Remember: Only use this tool on systems/devices where you have permission to do so. It is posted here only for educational and informational purposes.
Download AhMyth Android RAT for Windows, Android and Kali Linux
AhMyth RAT is one of the most prefered and underrated Android remote administration tools out there. You can download it for various operating systems and it is fully open-source on GitHub.
Build: v1.4 (Latest Version).