AIRAVAT - Multifunctional Android GUI RAT With Web Panel | No Port-Forwarding

We have posted about different RATs (Remote Access Trojan) on our website and some of them require port forwarding and others don't require any port forwarding services. For example Telegram Based RAT, Ahmyth RAT, Lime RAT, etc.

In this article, I introduce you to a new web panel-based GUI Android RAT, which is more powerful and easier to handle than many expensive RATs available on the Internet.

To access the RAT (Remote Access Trojan) from any browser or device, you will need to build it manually and configure it with your specific details. At the moment, the RAT is functioning as an Instagram app and a phishing page, both of which are embedded with it. This information is accurate as of the time of writing this article.

Without any further delay, let's see how you can set it up by following the steps given below: 


Download  Other Files: Link

Step 1: Create a Firebase Account and afterward create a new project with any name.

Step 2: Enable Firebase Database and Firebase Storage.

Step 3: In the Firebase Database Click on the rules and set .read and .write to true.


     "rules": {

             ".read": "true",

             ".write": "true"



Step 4: In Firebase Storage allow reads and writes for all paths.

  rules_version = '2';

  service firebase.storage {

  match /b/{bucket}/o {

      match /{allPaths=**} {

         allow read, write 




Step 5: Now Go to the project overview create an Android App and download the google-services.json file.

Step 6: Also create a web app and copy the config of Webapp.

Panel Setup

Step 1: You can use Github Pages, Firebase Hosting, or any Hosting Website (except 000webhost) for hosting the panel.

Step 2: Open index.html File and from line number 16 replace the config with your web app config which you have created in Step 6.

Step 3: Save the file, Your Panel Setup is completed.

Android RAT Setup

Step 1: Download Instagram.apk

Step 2: Decompile it using any Decompiler recommended above.

Step 3: Now open res/values/strings.xml file.

Step 4: Replace values of firebase_database_url  , google_api_key , google_app_id , google_storage_bucket , project_id with your Firebase Account using google-services.json file which you have downloaded in step 5.

Step 5: Now compile the code with appt2.

Step 6: Install the app on the victim's device and give all the permissions after that the connection will show up in the web panel.

I hope this information is helpful for you, save bookmarks of our blog for future posts and follow us on the Instagram for latest updates.