Remote Access Trojan (RAT)
What is Remote Access Trojan (RAT)?
Remote Access Trojan (RAT)Malware that gives an attacker covert, interactive control of an infected device, similar to a hidden remote-administration tool.
A Remote Access Trojan (RAT) installs a stealthy backdoor that allows an operator to view the screen, execute commands, manipulate files, log keystrokes, capture audio or video, and pivot to other systems. Unlike standard remote-administration software, a RAT is installed without consent and tries to evade detection. RATs are commonly delivered through phishing attachments, cracked software, drive-by downloads, or as a follow-on payload after initial compromise. They are favoured by both cybercriminals and state-sponsored groups. Defences include endpoint detection and response, application allow-listing, egress filtering, monitoring for unusual remote-control protocols, and least-privilege user accounts.
● Examples
- 01
AsyncRAT and njRAT distributed through phishing campaigns.
- 02
DarkComet historically used to spy on activists and journalists.
● Frequently asked questions
What is Remote Access Trojan (RAT)?
Malware that gives an attacker covert, interactive control of an infected device, similar to a hidden remote-administration tool. It belongs to the Malware category of cybersecurity.
What does Remote Access Trojan (RAT) mean?
Malware that gives an attacker covert, interactive control of an infected device, similar to a hidden remote-administration tool.
How do you defend against Remote Access Trojan (RAT)?
Defences for Remote Access Trojan (RAT) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Remote Access Trojan (RAT)?
Common alternative names include: RAT, Remote-access tool (malicious).