Remote access software is typically used by IT professionals to resolve computer issues over the internet. Examples include TeamViewer and LogMeIn, which are legtimately used by helpdesk technicians and system administrators to fix technical issues remotely. Attackers, however, also recognize the effectiveness and usefulness of this technology and exploit it as a means of taking control of their victims’ computers through the “back door” with the help of Remote Access Trojans (RATs).
A Remote Access Trojan (RAT) is a type of dangerous malware program that hackers generally use to get complete, anonymous control over your computer without your knowledge. Most RATs are designed for Windows computers, but some are multiplatform and work on Linux, Mac and Android devices. When a RAT is installed on your computer, hackers can do just about anything.
What can a Remote Access Trojan do to my computer?
When a computer is infected with RAT, it assumes full administrative control over the targeted device. This makes it possible for a hacker to do anything on the machine, including:
- Spy on you.
- Watch you inside your home through your webcam camera as you go about your day.
- Combine with a keylogger to steal sensitive data.
- Record all your on-screen activity.
- Steal confidential information such as usernames, passwords, sensitive photos and financial information such as credit card information.
- Alter your personal files.
- Stream you over the internet through your webcam without your knowledge.
- Take control of a home network and create a botnet.
- Hijack or even destroy your device.
- Delete files and folders.
- Download additional malicious programs that can be used to take over online banking transactions.
- Distribute viruses and other malware to other computers.
- Format your computer’s hard drive.
How can I check for RATs on my system?
Unlike other types of malware, it can be difficult to detect when RATs has been installed on your machine because they are designed to conceal their presence. It won’t slow down your computer so you won’t be aware that anything’s wrong. It also won’t show up in your lists of active or running programs.
In fact, a RAT can be installed on your computer for years without detection, which is why this threat is known as an Advanced Persistent Threat (APT). Ordinary antivirus scans are also unlikely to detect encrypted RATs.
Here are some symptoms of possible infection in your Windows 10 computer:
- Unknown processes running in your system which are visible in the Task Manager.
- Your internet connection suddenly slows down considerably.
- Files have been modified or deleted.
- Your mouse begins to move across your computer screen on its own.
- You have strange programs in your startup folder.
- Your webcam indicator light is constantly on or blinks when you haven’t turned the webcam on.
- Unknown programs that you never installed are visible in the Control Panel and Add or Remove Programs.
Top antivirus software solutions help ensure RATs are unable to function properly in your computer. But the best way to identify and remove RATs from a system is through the use of intrusion detection systems.
How can a RAT be downloaded on my system?
Users who end up with malicious software on their system often do so inadvertently in the following ways:
- Phishing emails. A cybercriminal sends a spoofed email to a victim from what appears to be an established and well-respected company. The message will include an attachment which the user opens and inadvertently downloads a RAT onto their system. Alternately, the user can click on a malicious link in the email which takes the user to an infected webpage that downloads a RAT to the user’s system.
- Phishing phone calls. A cybercriminal poses as tech support from your bank, Microsoft or some other trusted organisation and persuades the user to download onto their computer.
- Piggybacking on legitimate software. A RAT can be downloaded by attaching itself to free software bundles — such as a video game.
- Automatically when you visit a website that has been infected with malware
How can I protect my computer from RAT infection?
To protect your system from RATs, follow the same procedures you use to prevent other malware infections:
- Keep your OS, antivirus and other application software up to date.
- Make sure your firewall is enabled and active.
- Be very careful when downloading any free software packages advertised on the web.
- Do not download software from sites you don’t trust. If in doubt, Google the website.
- Regularly backup your data.
- Use a safe browser like Chrome, Firefox or Edge when surfing the web. Safe browsers are able to prevent automatic downloads or notify you when a website you’ve landed on is unsafe.
- Avoid clicking pop-us, links or opening attachments from unsolicited emails.
- Download webcam on-off software from Sordum that can automatically turn off your device when you’re not using it.
- Use black tape to cover your webcam when you’re not using it if you don’t want to download software.
What can I do if my system is infected with RATs?
If you discover that your system has been infected with RAT, you need to take action immediately as soon as you discover the infection.
- Disconnect your device from the internet. Your device must be connected to the internet for RAT to work.
- Run a full scan of your machine using a powerful antiviral software like Malwarebytes.
- Use Malwarebytes to remove the malicious software. Malwarebytes is currently one of the most successful tools for removing RATs from an infected device.