A security researcher recently uploaded a sample tagged as droidjack_updated_fixed.smali to VirusTotal. While the binary is not publicly available for safety reasons, the analysis reveals interesting changes compared to the 2018 leak.
Key differences:
| Feature | Original DroidJack (2014) | "Updated" GitHub Variant (2024) |
| :--- | :--- | :--- |
| C2 Communication | Raw TCP socket | WebSocket over HTTPS + Cloudflare |
| Persistence | Boot receiver | Foreground service + Notification hiding |
| File Manager | Basic read/write | Memory-only extraction (no file traces) |
| AV Detection | 25/60 on VirusTotal | 12/60 on VirusTotal (better evasion) |
The payload size has also increased from 180KB to over 4MB. This is due to embedded libraries for bypassing newer Android security patches, such as androidx.core.content workarounds.
Many YouTube videos and forum posts claim "DroidJack 2024 Updated No Survey." They direct users to a GitHub link. Upon downloading, the user finds either:
Furthermore, GitHub tracks download statistics and collaborates with law enforcement. Simply cloning a repository containing a functioning RAT can flag your IP address for monitoring by threat intelligence platforms like ShadowServer or Recorded Future.