Remote Access Trojan (RAT)

Also known as: RAT, Remote-access tool (malicious)

Definition

Malware that gives an attacker covert, interactive control of an infected device, similar to a hidden remote-administration tool.

A Remote Access Trojan (RAT) installs a stealthy backdoor that allows an operator to view the screen, execute commands, manipulate files, log keystrokes, capture audio or video, and pivot to other systems. Unlike standard remote-administration software, a RAT is installed without consent and tries to evade detection. RATs are commonly delivered through phishing attachments, cracked software, drive-by downloads, or as a follow-on payload after initial compromise. They are favoured by both cybercriminals and state-sponsored groups. Defences include endpoint detection and response, application allow-listing, egress filtering, monitoring for unusual remote-control protocols, and least-privilege user accounts.

Examples

  • AsyncRAT and njRAT distributed through phishing campaigns.
  • DarkComet historically used to spy on activists and journalists.
