RAT (Remote Access Trojan)

Malware that gives an attacker covert, interactive remote control of an infected machine — files, keystrokes, webcam and shell.

A Remote Access Trojan gives an operator hands-on-keyboard control of a compromised host. Unlike automated malware, a RAT is interactive: the attacker browses files, logs keystrokes, captures the screen and webcam, and runs commands as if sitting at the machine.

Common capabilities

  • Keylogging and credential theft
  • File upload / download and remote shell
  • Screen, webcam and microphone capture
  • Persistence and stealthy C2 beaconing

Detection

RATs reveal themselves through their C2 traffic and persistence. Hunt for unusual outbound connections, suspicious autostart entries, and process injection. Notable families include njRAT and the loaders that deploy them.
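
One way to hunt for the C2 beaconing mentioned above, as an added example that is not part of the original page: the script groups outbound connections by flow and flags flows whose gaps between connections are nearly constant. The log format, host names, thresholds and function names are assumptions, and the sample lines are constructed with documentation-range addresses.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: timestamp, source host, destination, port (no real indicators).
SAMPLE_LOG = """\
2024-05-01T10:00:00 ws-17 203.0.113.50 8443
2024-05-01T10:01:02 ws-17 203.0.113.50 8443
2024-05-01T10:02:00 ws-17 203.0.113.50 8443
2024-05-01T10:03:01 ws-17 203.0.113.50 8443
2024-05-01T10:03:59 ws-17 203.0.113.50 8443
2024-05-01T10:05:00 ws-17 203.0.113.50 8443
2024-05-01T10:06:01 ws-17 203.0.113.50 8443
2024-05-01T10:00:05 ws-17 198.51.100.20 443
2024-05-01T10:00:07 ws-17 198.51.100.20 443
2024-05-01T10:00:30 ws-17 198.51.100.20 443
2024-05-01T10:04:10 ws-17 198.51.100.20 443
2024-05-01T10:04:12 ws-17 198.51.100.20 443
2024-05-01T10:09:45 ws-17 198.51.100.20 443
2024-05-01T10:00:00 ws-22 192.0.2.9 443
2024-05-01T10:01:00 ws-22 192.0.2.9 443
2024-05-01T10:02:00 ws-22 192.0.2.9 443
"""

def parse(log_text):
    """Yield (datetime, src, dst, port) from whitespace-separated log lines."""
    for line in log_text.splitlines():
        ts, src, dst, port = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port)

def find_beacons(records, min_events=6, max_cv=0.1):
    """Return (flow, events, mean_gap_s, cv) for flows with near-constant gaps.

    cv = stdev(gaps) / mean(gaps); a low value means timer-driven traffic.
    """
    flows = defaultdict(list)
    for ts, src, dst, port in records:
        flows[(src, dst, port)].append(ts)
    hits = []
    for flow, times in flows.items():
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            hits.append((flow, len(times), round(mean, 1), round(cv, 3)))
    return hits

if __name__ == "__main__":
    print(find_beacons(parse(SAMPLE_LOG)))
```

Legitimate timer-driven software such as update checkers also matches this pattern, so treat each hit as a lead to triage alongside autostart entries and process behaviour rather than as a verdict.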
