
Remote Access Trojan (RAT)

Why it matters: Remote access trojans are among the most threatening types of malware—because if they are left undetected, they can provide malicious actors with access to your data and systems for months or even years to come.
90 percent: proportion of sampled malware now using evasive techniques to avoid detection and removal by malware scanners. (https://www.helpnetsecurity.com/2020/02/27/malware-evasive-behaviors/)

Key Points

  • Remote access trojans enable malicious actors to secretly observe or access systems
  • They are delivered as a payload in any of the ways malware is typically delivered
  • If not detected, unauthorized persons may have access for months or even years
  • Beyond malware scanning, various kinds of log correlation are the best means of detection

A remote access trojan is essentially a way for someone to backdoor your systems, networks, or resources via malware. Once in place, it provides entry to malicious actors until detected and removed.

Quick Read

Much of the discussion around malware over the last several years has concerned itself with ransomware, which has proven to be profitable for malicious actors, but remote access trojans (RATs) are damaging in a different, and in some cases, more insidious way.

This kind of malware, once delivered as a payload and operating, essentially creates a backdoor into your systems or network, enabling unauthorized persons to access and exfiltrate data, use resources, or harm targets in often difficult-to-detect ways. The usefulness of RATs for data exfiltration and systems control makes them a tool of choice in attacking government, critical infrastructure, and intellectual property targets.

One common infection vector, as is the case with most forms of malware today, is malicious links and payloads delivered to unsuspecting web users, who become infected and then open an avenue for dwell and lateral movement. These links and payloads may indeed be otherwise legitimate, as is the case with (for example) scriptable document types that have become infected and later shared within an office.

A similarly worrying infection vector for many professionals today is a form of third-party risk—RAT malware payloads delivered silently in apparently legitimate software updates that have been infected due to a breach in a provider's security.

Though malware scanners are in some cases effective in detecting RATs, in other cases (particularly those involving RATs delivered in system libraries via legitimate update pathways) RATs are more likely to be missed.

Aside from malware scanning, the best way to detect RATs is through sound log correlation and analytics leveraging other cybersecurity tools. For example, a Plurilock DEFEND user with a SIEM deployment that carefully correlates network connections to particular sets of hands on keyboards around the network can spot RATs by noting those connections that don't belong to internal services or to particular known users.

These "unknown" connections should be investigated quickly, as they could be evidence of RATs.


—Aron Hsiao


More to Know

RATs are Trojan Horses

RATs belong to a category of malware known as trojan horses because they arrive in disguise, either appearing to be a kind of software that they are not or hidden within software believed to be desirable, yet once inside embark on their actual mission, which is malicious.

RATs are Insidious Because They Hide

RATs can do their job only so long as they remain undetected, so they are engineered to be innocuous or evasive in order to give a stranger, well out of sight, illicit access to confidential information or critical resources across global networks.

Network Detection, Not Just Malware Scanning

Because so many RATs incorporate evasion techniques to make it difficult for malware scanners to detect them, it is important to audit and correlate network activity as well; unexplainable network activity, particularly in relation to sensitive resources, could be evidence of a RAT.
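
The correlation described in the Quick Read and in this section can be sketched as follows. This is an added example, not code from the original page or from Plurilock; the log fields, host names, addresses and the internal range are constructed, and "known user" is modelled as a verified user-presence interval on the source host.

```python
import csv, io, ipaddress
from datetime import datetime

# Constructed sample data (assumptions, not from the page).
INTERNAL_SERVICES = [ipaddress.ip_network("10.0.0.0/8")]

SESSIONS_CSV = """host,user,start,end
ws-014,asmith,2024-03-04T08:55:00,2024-03-04T17:10:00
ws-022,bjones,2024-03-04T09:30:00,2024-03-04T12:00:00
"""

CONNECTIONS_CSV = """time,host,dst_ip,dst_port
2024-03-04T10:15:00,ws-014,10.2.3.40,443
2024-03-04T10:20:00,ws-014,198.51.100.7,443
2024-03-04T03:12:00,ws-014,203.0.113.25,8443
2024-03-04T14:45:00,ws-022,203.0.113.25,8443
2024-03-04T02:00:00,ws-022,10.9.9.9,445
"""

def load_sessions(text):
    """Index user-presence intervals by host."""
    by_host = {}
    for r in csv.DictReader(io.StringIO(text)):
        span = (datetime.fromisoformat(r["start"]), datetime.fromisoformat(r["end"]), r["user"])
        by_host.setdefault(r["host"], []).append(span)
    return by_host

def attribute(conn, sessions):
    """Return 'service', 'user:<name>' or None for one connection record."""
    dst = ipaddress.ip_address(conn["dst_ip"])
    if any(dst in net for net in INTERNAL_SERVICES):
        return "service"
    when = datetime.fromisoformat(conn["time"])
    for start, end, user in sessions.get(conn["host"], []):
        if start <= when <= end:
            return f"user:{user}"
    return None

def unknown_connections(conn_text=CONNECTIONS_CSV, session_text=SESSIONS_CSV):
    """Connections that belong to no internal service and no known user."""
    sessions = load_sessions(session_text)
    return [c for c in csv.DictReader(io.StringIO(conn_text))
            if attribute(c, sessions) is None]

if __name__ == "__main__":
    for c in unknown_connections():
        print(f'{c["time"]} {c["host"]} -> {c["dst_ip"]}:{c["dst_port"]} UNATTRIBUTED')
```

Attribution by time overlap is a simplification: a connection made while a user is present is not thereby benign, so a production correlation would also tie each connection to the originating process or identity signal.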

Quick Definition

A Remote Access Trojan, or RAT, is a type of malware that, when installed on a computing system, enables a remote attacker to surreptitiously access the system, its resources, and its data. Remote access trojans are a subset of a larger category of malware known as "trojan horses," so named because they are installed either in secret or under false pretenses or misdirection for the purpose of enabling security protections to be defeated and the system to be taken over.
