AhMyth: Android Remote Administration Tool


AhMyth: Android Remote Administration Tool

AhMyth is a powerful open-source remote administration tool that can be used to access informational data from an android device. Through it, an attacker can access critical information such as the current geographical location of the device being attacked. In advanced use cases it can be used to hack the victim’s microphone and launch recordings, get camera snapshots and also read personal messages on the attacked device.

AhMyth: Android Remote Administration Tool Logo

This tool is designed with a GUI interface and this makes one of the easiest RATs to use. With this tool, you can easily log in and gain direct control to an android device as an administrator.

Disclaimer: AhMyth is designed solely for educational purposes.

AhMyth: Android Remote Administration Tool

As a remote administration tool, AhMyth has two parts which enable it to effectively perform its functions. It has a server-side which acts like a desktop application that is built on an electron framework. The server side is used by the attacker as the control panel through which connections are made to the AhMyth software that is installed on the victim’s Android device. The client-side of AhMyth works as the android application and can be used as a backdoor.

How it works?

For this tool to be used to carry an attack, the client-side must be installed on the targeted Android device. Installations can be achieved by sending the target a link that contains the malicious software. Upon successful installation and launch by the victim, the attacker will be able to have a view of the victim’s device from the tool’s target menu. After this, the attacker simply selects a favorable port from which an attack can be launched and begins to listen on the targeted Android device.

When deployed on a target device this tool can be used to access personal information such as the victim’s passwords and call logs. The attacker can also gain access to the victim’s browser cookies and know the web pages that have been visited using the device. Apart from allowing an attacker to view the victim’s personal messages, AhMyth can also enable messages to be sent from the victim’s Android device to another phone without the consent of the victim.

Features:

  • File Manager – allows the attacker to view contents in the target device including the firmware.
  • Remote access to Mic and Camera.
  • Access to Call Logs.
  • SMS access-allows the attacker to read and send messages from the target device.
  • Device GPS Location-enables the attacker to know the geographical location of the victim.

Supported Platforms:

  • Windows, Linux,  OS X

AhMyth Prerequisites:

AhMyth requires different prerequisites for it to function properly, depending on the installation method chosen you must ensure that you have the following installed.

Prerequisites when installing AhMyth from a source code installation:

  • Java (will be used to generate the APK backdoor)
  • Electron (used to start the desktop application)
  • Electron-packer and electron-builder (used to build binaries for Linux, OS X, and Windows)

Prerequisites when installing from binaries:

Install AhMyth

Method 1: Installing from a Source Code

Once requirements are installed, clone the repo from the GitHub:

$ git clone https://github.com/AhMyth/AhMyth-Android-RAT.git 

Navigate to the following AhMyth directory:

$ cd AhMyth-Android-RAT/AhMyth-Server 

Then start the AhMyth with the following command:

$ npm start 
AhMyth: Android Remote Administration Tool GUI
AhMyth GUI

Method 2: Installing from a Binary

This can be an effective way to achieve an installation without interfering with the command line. Get the required download file from GitHub’s AhMyth release page. After the download is complete open the file and allow it to install.

AhMyth Post-Installation

After the program has successfully been installed on your computer you have to build an Android APK with a backdoor. To build a standalone APK go to the “APK Builder” option at the top of your screen. You can also come up with an application by infecting another application; this is effective because it will keep the AhMyth application hidden at all times. Ensure that the “Source IP” on the application matches with IP address of the server-side computer.
Download Box