A Remote Access Trojan (RAT) is a malicious software suite with a client/server mechanism that facilitates covert, unfettered and unauthorized remote access to a victim’s computer. Attackers use RATs to surveil the infected victim by recording audio, video and keystrokes. RATs also enable the attacker to run services from the victim’s computer, exfiltrate files, and more.
A RAT acts as a server by running the RAT “server program” on the infected machine. The attacker deceives targeted victims into installing the RAT server program via social engineering tactics. Once the RAT server program is launched, it connects directly to the Command & Control (C2) server (the client), owned by the attacker, using a predefined open TCP port on the victim’s machine. The attacker uses the C2 server to remotely manage the infected machine. A RAT can also connect to multiple C2 servers run by the attacker.
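
A defender's view of the connection pattern described above, as an added example that is not part of the original page: it parses netstat-style connection lines and lists established sessions from non-allowlisted programs to external addresses, grouped per process so that several C2 endpoints show up together. The log format, allowlist, internal ranges, process names, ports and addresses are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: address ranges treated as internal for this example.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Assumption: programs expected to make outbound connections on this host.
ALLOWED = {"chrome.exe", "outlook.exe", "svchost.exe"}

# Constructed sample, "proto local remote state process" (not real telemetry).
SAMPLE = """\
TCP 192.168.1.20:49710 198.51.100.7:443 ESTABLISHED chrome.exe
TCP 192.168.1.20:49802 203.0.113.45:40123 ESTABLISHED invoice_viewer.exe
TCP 192.168.1.20:49803 203.0.113.99:40123 ESTABLISHED invoice_viewer.exe
TCP 192.168.1.20:49650 192.168.1.5:445 ESTABLISHED system
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING svchost.exe
TCP 192.168.1.20:49900 198.51.100.200:8080 TIME_WAIT updater.exe
"""

def is_internal(addr):
    """True if addr falls inside one of the ranges listed in INTERNAL."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in INTERNAL)

def parse(text):
    """Yield (process, remote_ip, remote_port) for established TCP sessions."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue  # skip listeners, closed sessions and malformed lines
        host, _, port = parts[2].rpartition(":")
        yield parts[4].lower(), host.strip("[]"), int(port)

def suspicious_sessions(text, allowed=ALLOWED):
    """Map each non-allowlisted process to its external remote endpoints."""
    hits = defaultdict(set)
    for proc, host, port in parse(text):
        if proc not in allowed and not is_internal(host):
            hits[proc].add((host, port))
    return {proc: sorted(endpoints) for proc, endpoints in hits.items()}

if __name__ == "__main__":
    for proc, endpoints in suspicious_sessions(SAMPLE).items():
        print(proc, "->", endpoints)
```

A hit is a lead for triage rather than proof of infection; the value of the check depends on how well the allowlist reflects what normally runs on the host.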