A RAT (remote access Trojan) is malware an attacker uses to gain full administrative privileges and remote control of a target computer. RATs are often downloaded along with seemingly legitimate user-requested programs -- such as video games -- or are sent to their target as an email attachment via a phishing email.
Once the host system is compromised, intruders use a backdoor to control the host, or they may distribute RATs to other vulnerable computers and establish a botnet.
Belonging to the family of Trojan horse viruses, RATs are specifically designed to disguise themselves as legitimate content.
How does a remote access Trojan work?
A RAT is typically deployed as a malicious payload using exploit kits, such as Metasploit. Once installed, the RAT gets connected to the command-and-control server, which the hackers control. The hackers achieve this connection by compromising an open TCP port on the target device.
A RAT can also be installed through phishing emails, download packages, web links or torrent files. Users are duped into downloading malicious files through social engineering tactics, or the RAT is installed by threat actors after they gain physical access to a victim's machine, such as through an evil maid attack.
Spear phishing attack with RATDuring the fourth step in a targeted spear phishing attack, a RAT is installed on the target system.
Because a RAT provides a backdoor and enables administrative control, it empowers the intruder to do almost anything on the targeted computer, including the following:
Monitor user behavior, such as keystrokes, through keyloggers and spyware.
Access confidential information, such as credit card and Social Security numbers.
Activate a system's webcam and record video.
Take screenshots.
Distribute viruses and malware, as well as launch ransomware
Format drives.
Delete, download or alter files and file systems.q
0 comments:
Post a Comment