What is a Remote Access Trojan (RAT)?

What is a Remote Access Trojan RAT

A Remote Access Trojan(abbreviated RAT) is malware that enables remote control and administrative control of a foreign computer unnoticed by the user. The manipulation possibilities of a RAT are manifold and range from spying out passwords and stealing data to unnoticed use of the webcam or microphone.

What is A Remote Access Trojan (RAT)?

The abbreviation RAT stands for the malware term Remote Access Trojan. It is a form of malware that allows to remotely control a foreign computer via a network connection and take complete control of the system. For this purpose, Remote Access Trojan opens a kind of backdoor and starts a program on the computer system, which the attacker can connect to.

The way it works is similar to remote access software with the difference that the remote control processes and the third-party administrative control are hidden from the user. Common methods of infection for a RAT include exploiting unpatched vulnerabilities, sending emails with infected attachments, or downloading and installing manipulated software.

Basic functionality of a Remote Access Trojan

Remote Access Trojans provide similar functionality as remote access programs. Comparable to software such as Teamviewer, VNC, or pcAnywhere, they allow remote control of mouse and keyboard, transfer of desktop content, sending, receiving, and deleting files, or launching applications.

READ:  Cyber Kill Chain - Basics, Application and Development!

The crucial difference from remote control software is that – as usual with a Trojan horse – the actions performed by the hacker and the programs needed for remote control are hidden from the user. Most RATs launch a server on the infected system, which opens a network port and accepts requests from the outside or independently connects to the remote control software of the hacker. Often, the attacker controls a number of different computers simultaneously via his software.

So-called reverse connections are common with remote access Trojans. In order not to have to connect to the attacked system from the outside and find out IP addresses or bypass firewalls, the server of the remotely controlled computer connects to the hacker’s software independently. The server software is automatically started at boot time.

Manipulation possibilities of a remote access Trojan

Since the Remote Access Trojan enables complete control of the remotely controlled computer, there are basically no limits to the attack and manipulation possibilities. The RAT can:

  • Activate the microphone or webcam and transmit recordings or images
  • Record entered keyboard commands (keylogger)
  • Read and transmit confidential data
  • Send, receive, delete or modify files
  • Transfer the current desktop content
  • Download and install other malware
  • Render the system unusable, for example by deleting the hard disk – blackmail the user by encrypting files (ransomware)
READ:  Clever Protection Against Malicious Email Attachments

Examples of some known remote access Trojans

One of the first remote access Trojans was the Back Orifice software introduced in 1998. The first version allowed remote control of Windows 95 and Windows 98 computers.

Other remote access Trojans include SubSeven from 1999 for Windows 95, 98, XP and ME versions, Beast from 2002 for computers with operating systems from Windows 95 to Windows XP and Windows 2000, Poison Ivy from 2005 for Windows XP, Vista, NT, 2000 and 2003 or BlackShades from 2010 also for Windows systems.

Possible protective measures against a RAT

To protect against a RAT, the usual malware protection measures should be taken. In addition, remote control of an already infected computer can be prevented by using firewall systems that block any traffic from or to unknown destinations.