ELI5: What is a RAT (Remote Access Trojan)?

It’s like someone secretly installing a remote control inside your computer. From anywhere in the world, the attacker can watch your screen, use your camera, and control your computer as if they were sitting right there.

Definition

A Remote Access Trojan (RAT) is a type of malware that provides the attacker with full remote control capabilities over a compromised system—including file system access, process management, screen viewing, keylogging, webcam/microphone activation, and command execution. RATs are often disguised as legitimate software and establish persistent, covert connections back to the attacker’s command-and-control (C2) server.

Key Details

  • Gives attackers complete remote control—equivalent to sitting at the keyboard of the infected system.
  • Common features: file browser and transfer, shell/command execution, screenshot capture, keylogging, webcam/microphone access.
  • Communicates with the attacker via C2 (Command and Control) channels—often over HTTP/HTTPS to blend with normal traffic.
  • Commonly delivered via phishing emails with malicious attachments (Word macros, ISO files) or drive-by downloads.
  • Famous RATs: DarkComet, njRAT, Poison Ivy, Quasar RAT, AsyncRAT.

Connections