Remote Access Trojan- RAT

Remote Access Trojan

A Remote Access Trojan (RAT) allows a hacker to control your device remotely through malware. A RAT can prove to be a very destructive as well as a constructive program.













Image Source- https://hackersterminal.com/what-is-remote-access-trojan/

HOW THEY GET TO YOU
These types of malicious programs are often attached to real, legitimate-looking programs, files or software. They mostly do not announce their installation and never ask for installation permission. They are not listed among the active programs and try to hide themselves as much as possible. Because they are mostly hidden, they are usually not taken seriously.
RATs are really hard to detect, as they do not even slow down or affect the performance of the computer system.

DANGER !!
RATs give complete administrative control to the hacker who injected the trojan for as long as the trojan remains undetected. They give the attacker anonymous access to sensitive documents, files and images. RATs can also anonymously turn on the system's camera or microphone, which is what makes them so destructive.

An example of this occurred in 2008, when Russia used a coordinated campaign of physical and cyber warfare to seize territory from the neighboring Republic of Georgia. The Russian government did this using distributed denial-of-service (DDoS) attacks which cut off internet coverage across Georgia, combined with APTs and RATs allowing the government to both collect intelligence about and disrupt Georgian military operations and hardware. News agencies across Georgia were also targeted, many of which had their websites either taken down or radically altered.*


* From https://www.dnsstuff.com/remote-access-trojan-rat



Some of the common RATs used across the world**:

RAT 1: Sakula is believed to be associated with the recent OPM attack. It is signed, looks like benign software, and provides the attacker with remote administration capabilities over the victim machine. Sakula initiates simple HTTP requests when communicating with its command and control (C&C) server. The RAT uses a tool called “mimikatz” to perform “pass the hash” authentication, which sends the hash to the remote server instead of the associated plaintext password.

RAT 2: KjW0rm is believed to be associated with the recent breach of TV stations in France. KjW0rm was written in VBS, which makes it even harder to detect. The Trojan creates a backdoor that allows the attacker to take control of the machine, extract information, and send it back to the C&C server. (For more information about KjW0rm read this SentinelOne blog.)

RAT 3: Havex targets industrial control systems (ICS). It is very sophisticated and provides the attacker with full control over the infected machine. Havex uses different variants (mutations) and is very stealthy. The communication with its C&C server is established over HTTP and HTTPS. Its footprint inside the victim machine is minimal.
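
Since the RATs above are described as showing no performance symptoms but talking to a C&C server over HTTP or HTTPS, proxy or firewall logs are one place a defender can look. The following is an added example, not code from this post or its sources: it flags client/destination pairs whose requests recur at near-constant intervals, on the assumption (not stated on this page) that RAT check-ins are timer-driven. The log format, addresses, hostnames and thresholds are constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log (not real traffic): ISO timestamp, client IP, destination host.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 c2.example.test
2024-05-01T10:00:10 10.0.0.7 news.example.test
2024-05-01T10:00:40 10.0.0.7 news.example.test
2024-05-01T10:05:02 10.0.0.5 c2.example.test
2024-05-01T10:07:15 10.0.0.7 news.example.test
2024-05-01T10:10:01 10.0.0.5 c2.example.test
malformed-entry
2024-05-01T10:12:30 10.0.0.5 intranet.example.test
2024-05-01T10:15:03 10.0.0.5 c2.example.test
2024-05-01T10:20:00 10.0.0.5 c2.example.test
2024-05-01T10:31:00 10.0.0.7 news.example.test
"""

def parse(log_text):
    """Group request times by (client, destination host); skip malformed lines."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, client, host = line.split()
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # wrong field count or unparsable timestamp
        seen[(client, host)].append(when)
    return seen

def find_beacons(log_text, min_requests=4, max_jitter=0.1):
    """Return (client, host, mean_gap_s, jitter) per regular pair; thresholds are assumed."""
    hits = []
    for (client, host), times in parse(log_text).items():
        if len(times) < min_requests:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue  # burst within one second, not a periodic check-in
        jitter = statistics.pstdev(gaps) / mean  # near 0 means timer-driven traffic
        if jitter <= max_jitter:
            hits.append((client, host, round(mean), round(jitter, 3)))
    return sorted(hits)

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

Regular intervals alone are not proof of a RAT: update checkers and monitoring agents also poll on a timer, so hits are leads to triage against known-good destinations.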
