An Android RAT, or remote access trojan, is malware that gives an attacker interactive control over an Android device after compromise. Unlike simple spyware or adware, a RAT is built for hands-on use: the operator can issue commands, observe activity, and sometimes trigger actions on the phone or tablet as if they had physical access.
This matters because mobile devices often hold messages, credentials, authentication codes, contacts, and business data. Attackers commonly gain control by tricking users into installing a malicious app, abusing permissions, or convincing them to enable powerful features such as Accessibility Services. Defenders look for suspicious sideloaded apps, unusual permission requests, abuse of device-admin or accessibility features, and network connections that indicate remote command-and-control traffic. An Android RAT is dangerous not just because it infects a device, but because it turns that device into a remotely managed foothold for surveillance, fraud, and further intrusion.