How to find and delete rats on Android and iOS?

[computerdude]

My brother installed a rat on my Android phone and on my dad's iPhone.

I ran antimalware scans with different apps, but nothing's showing up.

Could you guys please give me some tips on how to find and delete rats?

[NoExecute]

How do you know he installed a RAT ?

And you said you ran malware scanning and nothing showed up, again, how do you know there's a RAT installed ?
Are you suspecting it, or do you know ?
And, if you brother went through the trouble of making an Android and IOS malware, give him a hug, that's well done, since the platforms are different, and requires work to get working, especially if the have to run on the latest versions.
But, how to find them ?
Go through apps and delete any unknown apps / last installed apps, or reset to factory default.

Force the phone onto local wifi, run arp poisoning, and try wireshark to see if you can see traffic from the phone, going to some kind of C2.
Better yet (maybe), use rubber-hose-decrypt on your brother, that should give you the type of RAT and where it's installed

Based on your info, it's impossible to really give you advice, there's nothing to go on..

Happy Hunting 🙂

PS: Devils advocate here..

If it's important to you to have a phone that's "secure", may I suggest GrapheneOS, running on a Google Pixel Pro.
Of course you would have to download the GrapheneOS source, go through it, and compile it yourself, and use ADB-Debug to transfer it to the phone yourself, and validate every app (from source) you install, but look at the bright side, it's as secure as it gets, even from you brother 😄

/NX