What is a RAT? | U.S. News

A Remote Access Trojan, otherwise known as a RAT, is a type of spyware that allows a cybercriminal to take control of the computer or other device it’s installed on. RATs are malicious software that constitute a major cybersecurity threat. They usually infect computers, but they can also infect iOS and Android devices, as well as printers, routers, and other networked devices. RATs work by opening access to the device they’re installed on to someone who’s not supposed to be there.

Once a hacker uses a RAT to gain access to a device, that person has full control of it. They can watch while the user works, encrypt files, monitor keystrokes, see all data on the device, and control other devices connected to it. Fortunately, there are steps you can take to help prevent RATs from getting into your computer and try to remove them if necessary.

How Does a Remote Access Trojan Work?

A remote access trojan is spyware that’s usually delivered via a phishing attack, explains Brian Hornung, CEO and founder at Xact IT Solutions. He says a RAT is linked to a computer that the hacker controls and allows the hacker to install other software on the target device.

“It’s a tunnel into the computer that gives them access to the computer,” says Jon Clay, vice president of threat intelligence at Trend Micro. Most often, hackers use RATs to target personal computers. “They gain access through phishing emails to get the user to open an attachment or click on a link,” he says. Ransomware attacks often use RATs because they allow remote control of another device.

Once a hacker uses a RAT to gain access to a device, that person has full control.

Hornung says a RAT is often installed when you click on an attachment and nothing appears to happen. You assume the attachment was defective and go on to something else. “The reality is that something did happen, and they’re in your system doing what they want,” he says. “They can put ransomware on your computer. They can use your information to access your bank or social media accounts.” RATs are also a common way of committing identity theft or a doxxing attack.

Adonis Baybayan, technical training instructor at NexGen T Academy, says that RATs are an extremely easy form of spyware for anyone to create – even novice hackers with malicious intentions.

Why Are RATs a Threat?

RATs are a threat because hackers use them as spyware to unauthorized access to a computer or other device, explains Therese Schachner, cybersecurity consultant at VPN Brains. “They can see files there, modify files, or wipe data, or [steal] data,” she says. RATs can also access a connected webcam, take screen shots to gather private data, and deploy ransomware. In addition, RATs can be written to travel through a network, after which they can send emails that appear legitimate and spread malware to other devices.

RATs are arguably the worst form of cyberthreat because they give someone total control over a computer or other device and any network to which the device has access. With that control, the hacker can steal money, information, identities, and anything else available on the network. They can use the information they gather to damage reputations and spread ransomware, adware, malware, viruses, and other malicious software.

Who Do RATs Target?

RATs can target both individuals and businesses, depending on what sort of information the criminal wants. Hornung says that cyber criminals aren’t too picky when it comes to RAT attacks. “It’s a spray-and-pray approach,” he says. “They just try to see what happens when the payload is on the computer.”

RATs are arguably the worst form of cyberthreat, because they give the cyber criminal total control over a computer system and any network to which the system has access.

That said, hackers frequently have a financial incentive. Some of them may have other goals as well, such as corporate espionage. And of course there are RATs intended to steal information and intellectual property.

How to Protect Yourself From RATs

Although remote access trojans can cause havoc, there are ways you can protect yourself. Taking the following steps will greatly reduce the odds of one of your devices becoming infected with a RAT.

Don’t Use Remote Desktop in Windows

Remote Desktop is a feature of Microsoft Windows that allows someone to connect to and control a computer remotely. “Don’t ever turn on Remote Desktop for any reason,” Hornung says. Third-party remote access applications are much more secure.

Checking the status of Windows Remote Desktop is easy. In the search box at the bottom of the screen, type “remote desktop settings,” and a box will pop up that says, “Remote Desktop.” Below that you’ll see a slider labeled “Enable Remote Desktop,” which you should turn to the off position if it isn’t there already.

Update Your Devices

It’s critical to keep the operating system and software on your computer and other devices up to date. Each new version of Windows and MacOS has new security enhancements that help fight malware, especially things like RATs. The same is true for your other devices. For example, printer manufacturers update their software with new security features, as do router manufacturers.

Pay attention to what you click on

Equally important is to simply pay attention to what you’re doing before something bad happens. One of the primary reasons phishing emails are able to deliver RATs is because the recipients click on links and attachments they shouldn’t and end up running malware or visiting infected websites.

Antivirus software can detect RATs and other types of malware if they infect your devices.

Purchase Antivirus Software

Antivirus software like Bitdefender, Kaspersky, Webroot, or Norton, can detect RATs and other types of malware if they infect your devices. Depending on the type of software you’re buying, it may recognize a RAT by its signature or by its actions. Some antivirus software can do both. Be sure to purchase software that updates itself automatically, which all good antivirus programs do.

Subscribe to an Identity Theft Protection Service

What To Do if Your Computer Is Infected

If you suspect that your computer is infected by a RAT, your options may be limited because some RATs are designed to resist removal. Take the following steps:

  1. Take it off the internet, then run your AV scan.
  2. Try rebooting. Some RATs are memory resident and may vanish during a reboot.
  3. Be ready to wipe your operating system and rebuild from backups. Note that you shouldn’t use image backups like Apple Time Machine but rather backups of individual files. An image may already have the RAT installed.
  4. Where possible, change your username and passwords using a password manager because the RAT may have exposed them.
  5. Notify your banks and credit card companies.
  6. Check financial statements and monitor your accounts, and set up credit watches.

With some RATs, you also may need to remove and replace your hard drives.
RATs are particularly bad forms of malware. They can steal your information and your money. They can destroy your system and even your organization. It’s worth taking the trouble to prevent them from ever getting into your system, and it’s worth the extraordinary measures needed to remove them.

Learn More

Related 360 Reviews

Why You Can Trust Us

At US News & World Report, we rank the Best Hospitals, Best Colleges, and Best Cars to guide readers through some of life’s most complicated decisions. Our 360 Reviews team draws on this same unbiased approach to rate tech products that you use every day. The team doesn’t keep samples, gifts, or loans of products or services we review. In addition, we maintain a separate business team that has no influence over our methodology or recommendations.


Leave a Comment