GARUDAMON GUIDE...RAT (Remote Access Trojan)


A Remote Access Trojan (RAT, sometimes called Creepware[1]) is a type of malware that controls a system through a remote network connection. While desktop sharing and remote administration have many legal uses, "RAT" connotes criminal or malicious activity. A RAT is typically installed without the victim's knowledge, often as payload of a Trojan horse, and will try to hide its operation from the victim and from security software and other anti-virus software
- Access to unauthorized information, (spying, stealing). This includes not only access to information "stored", but perishing information as well, for example VoIPconversations, on-screen user activity (e.g.: stealing financial information by watching users using their internet bank).
- Interference with information. Planting fabricated evidence (of either cyber crime or any other criminal activity, for example copying child pornography onto the device’s storage and then calling the police on the operator of the device), deleting critical information (file system level access).[8]
- Interference on application level. Installing and running applications. These can be additional malware offering different, more targeted functionality than RATs (botnet software, ransomware, etc.), non-malware applications "leeching" on the device’s resources (e.g. blockchain mining software possibly generating profit for the attacker), or any other kind of software. Additionally, this can also mean interfering with existing, "legit" applications’ settings (lowering authentication levels or changing, disabling mission critical functionality).
- Interference on interface level. While more serious damage can be done by RATs by their capabilities of interfering with devices without the knowledge of users, they can also be used according to the typical functions of non-malicious remote access software: controlling the screen, mouse (cursor), keyboard and other interfaces that the user is aware of. Naïve users may be confused or frightened by this, helping the attacker commit impersonation, extortion or other non-tech cyber crimes and even criminal acts not related to ICT at all. However, interference with devices’ interfaces may tip off users that are more computer literate, basically letting them know about the malware infection, allowing them to easily mitigate the problem.
- Interference on hardware level. Interference with hardware drivers, firmwares or hardware functionality. This can include installing additional, BIOS or firmware level malware (that will persist on the device even if the storage is formatted, also possibly enabling of manipulating firmware level functionality, e.g.: the possibility of remotely switching devices on), turning on and capturing web cameras or microphones (invading the users’ privacy). RATs may also be able to change hardware settings in such way that will physically break the hardware (like CPU overclocking resulting in overheating-related failure) possibly resulting also in damages unrelated to ICT infrastructure (overheating hardware can cause a house fire!).