Trojans and RATs – CompTIA Security+ SY0-601
Remote access trojans (RATs) give the attacker access to a variety of information on the infected device, including text messages, emails, contact lists, GPS location, camera feeds, and more.
The term RAT has two different definitions. One is a Remote Access Tool that system and network admins use to efficiently and effectively access and manage machines across any environment. This could be used to manage staging environments and has no malicious intent. The other definition is the Remote Access Trojan. This Remote Access Trojan has malicious intent. It is a harmful application or virus that is sent over different forms of communication from an attacker with the hopeful result of social engineering the victim to install the RAT. This RAT then allows the attacker to hack into the victim’s machine without their knowledge. This can be done for data theft and monetary gains.
In this YouTube video, you can learn more about how a RAT works and how an attack would happen.
Quasar is an open-source Remote Access Trojan and a Remote Access Tool that allows attackers or System Administrators to be able to access other machines.
First, you need to create the RAT. You can create a fake Office.04.exe file that will look like a real email with a free update for Office but it is really the RAT. You want the victim to open this file and install it on their computer. You will want to install Mailspring so you can tell if emails are open. That way you will get an alert once the victim opens the email with the RAT file atatched.
Once the victim opens the email and saves the RAT to the desktop and clicks on it the RAT is now active. A RAT needs two things, the server, and the client or victim. Once the RAT is active you will be able to see the victim’s machine on the attacker’s server. At this point, the victim still has no idea this has happened. Now the attacker has full control to take over the victim machine. They can show a message box, have remote access, or send it to the website.
When you send a message it will show up on the victim’s machine and they will learn they have been hacked. Most hackers will not do this but this is an example of how it would work.
You can select go back to the server and select Remote Shell. This will open a command prompt that will control the victim’s machine. Here they had the victim’s machine open Chrome. Then they can search for any passwords in order to get personal data.
You can also blank out the entire screen so the victim can’t see what is going on. If this happens to you make sure you turn off your computer!!
It is really easy to get into trouble when you open emails from people you don’t know and even worse if you open files from them!
How to Avoid the RAT!
- Do not be tempted to download programs or apps that are not from a trusted source, as they could contain RATs and other malware.
- Be sure you have antivirus software that you update regularly.
- Be cautious of phishing and be careful about what emails you open.
- Only open attachments from people you know and trust.
- Avoid suspicious websites and torrent downloading.
- Cover your webcam when not in use, whether it is a built-in or clip-on device.
The history of viruses is long and complex, but through it all, one thing has remained the same: motivation. RATs are dangerous, but malware is even more so. In this video, you’ll learn about the different types of RATs and the malicious and non-malicious actions that they initiate. Here is the full YouTube video with the demo you won’t want to miss! Be careful it might make you think twice about opening any emails from people you don’t know!