
Malware spotlight: What is a Remote Access Trojan (RAT)?

Introduction

A Remote Access Trojan (RAT) is malware that gives an attacker covert surveillance of a victim's machine and a backdoor with administrative control over it, without the victim's knowledge or consent. That remote control is what makes a RAT so dangerous: once it is running, the attacker can use the compromised computer for almost any malicious activity, such as installing and removing programs, manipulating files, hijacking the webcam, logging keystrokes, harvesting login credentials and monitoring the clipboard.

Attackers can also use the victim's internet address as a front for their own activity. For example, additional malware pushed down through the RAT can attack other computers from the victim's IP address, so that the traffic appears to come from the victim rather than from the attacker.

In this article, we will explore how RATs differ from keyloggers. We'll also look at common RAT types and how a RAT gets installed on a computer, as well as how RATs work and how they can be detected and avoided.

How do RATs differ from keyloggers?

RATs often include keylogger functionality, letting attackers automatically collect keystrokes, user credentials, emails, browser history, screenshots and more. The difference is that a keylogger only records and exfiltrates, whereas a RAT also gives the attacker interactive remote control of the victim's computer over a command-and-control channel whose protocol and server address are configured when the machine is first infected.
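As an added illustration of what that control channel looks like from the defender's side (example code written for this page, not part of the original article or of any product), the Python below reads a constructed connection log and flags source/destination pairs whose connections recur at a near-constant interval. It assumes the common implementation in which the RAT client checks in with its server on a fixed timer; the log format, the addresses and the thresholds are all invented for the example.

```python
"""
Beacon detection over connection logs (added example, not from the article).

A RAT's remote-control channel is commonly a client that checks in with its
server at a fixed interval. That regularity is visible in connection logs even
when the payload is encrypted, so we look for (source, destination, port)
tuples whose inter-connection gaps are nearly constant.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed sample log (not real traffic). Assumed format:
# "<ISO-8601 timestamp> <src ip> <dst ip> <dst port>".
# 10.0.0.5 talks to 203.0.113.10 roughly every 60 s; everything else is irregular.
SAMPLE_LOG = """\
2019-10-01T09:00:00Z 10.0.0.5 203.0.113.10 443
2019-10-01T09:00:03Z 10.0.0.5 198.51.100.7 443
2019-10-01T09:00:59Z 10.0.0.5 203.0.113.10 443
2019-10-01T09:01:10Z 10.0.0.5 198.51.100.7 443
2019-10-01T09:02:01Z 10.0.0.5 203.0.113.10 443
2019-10-01T09:02:48Z 10.0.0.5 198.51.100.9 80
2019-10-01T09:03:00Z 10.0.0.5 203.0.113.10 443
2019-10-01T09:03:59Z 10.0.0.5 203.0.113.10 443
2019-10-01T09:04:20Z 10.0.0.5 198.51.100.7 443
2019-10-01T09:05:00Z 10.0.0.5 203.0.113.10 443
2019-10-01T09:00:10Z 10.0.0.8 198.51.100.7 443
2019-10-01T09:00:40Z 10.0.0.8 198.51.100.7 443
2019-10-01T09:02:55Z 10.0.0.8 198.51.100.7 443
2019-10-01T09:03:05Z 10.0.0.8 198.51.100.7 443
2019-10-01T09:07:30Z 10.0.0.8 198.51.100.7 443
"""

MIN_CONNECTIONS = 5   # fewer events than this cannot establish a rhythm (assumed threshold)
MAX_JITTER = 0.10     # pstdev/mean of the gaps; human-driven traffic is far noisier (assumed)


def parse_log(text):
    """Return {(src, dst, port): [timestamps]} from the assumed log format."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        flows[(src, dst, int(port))].append(when)
    return flows


def beacon_score(timestamps):
    """Return (mean gap in seconds, jitter) where jitter = pstdev(gaps) / mean(gaps)."""
    stamps = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    avg = mean(gaps)
    # Identical timestamps give a zero mean gap; treat that as "no rhythm" rather than divide by zero.
    return avg, (pstdev(gaps) / avg if avg else float("inf"))


def find_beacons(text, min_connections=MIN_CONNECTIONS, max_jitter=MAX_JITTER):
    """Return [(src, dst, port, mean_gap, jitter)] for flows that look like timed check-ins."""
    hits = []
    for (src, dst, port), stamps in parse_log(text).items():
        if len(stamps) < min_connections:
            continue
        avg, jitter = beacon_score(stamps)
        if jitter <= max_jitter:
            hits.append((src, dst, port, avg, jitter))
    return hits


if __name__ == "__main__":
    for src, dst, port, avg, jitter in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}:{port} every {avg:.1f}s (jitter {jitter:.2%})")
```

On the constructed log only the 10.0.0.5 to 203.0.113.10:443 flow is reported (about every 60 seconds, roughly 2% jitter); 10.0.0.8 connects to the same server five times but at irregular gaps and is not flagged. Two caveats a practitioner would add: real RATs often randomize their sleep interval, so the jitter threshold has to be tuned per environment, and plenty of legitimate software (update checkers, time sync, monitoring agents) beacons just as regularly, so hits need an allowlist before anyone is paged.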

What are the most common types of RAT?

Back Orifice

Developed by the hacker group Cult of the Dead Cow and released in 1998, Back Orifice is one of the best-known examples of a RAT. Its authors presented it as a remote administration tool intended to expose the security weaknesses of the Windows operating systems of the time.

Saefko

In October 2019, researchers at Zscaler ThreatLabZ uncovered a new RAT called Saefko. Among other things, it retrieves the victim's Chrome browser history to look for evidence of cryptocurrency-related activity.

CrossRAT

If you are using macOS, Windows, Solaris or Linux, you are more prone to (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/uRKKFWvpQ-o/