RAT – From Remote Access Tool to Remote Access Trojan

April 23, 2018

Technology progressed as the needs of the people advanced. It can also be said that the needs were created, because technology advanced. With the advancement of technology we think about automating processes and doing things remotely, which is why Remote Access has been a popular software tool on computers to operate another computer from afar.

R.A.T commonly known as Remote Access Tool is common used for productivity such as the software called Teamviewer. However behind the shadows where cyber criminals lurk, it became a tool used for their criminal activities, such as sniffing data, deploying malware payload, DDoS attacks, phishing activities etc through modifications and stealth function.
Once R. A. T. is modified for malicious use it is considered as a Trojan, mainly because of its ability to control a machine from afar with stealth.

One notorious example is NanoCore R.A.T. which was sold for only 25 USD in the darkweb in its early stages, during that time it was able to affect hundreds of thousands of computers. The R.A.T. Is a combination of many different functions of a malware that a cyber-criminal could ever dream of, because it has a built in key logger which records all keystrokes and other functions such as, record conversations and steal personal credentials on a computer. Surprisingly it could turn on web cameras on a computer in stealth to spy on a victim as well. This tool is perfect for those who are involved in targeted phishing who wants to increase their success rate in their criminal acts.


R.A.T. for Phishing

Despite NanoCore’s ability to steal credentials and keylogging feature, there is a possibility that the victim is cautious and won’t be typing in his/her banking credentials on the infected computer. Which is why this Trojan could at least harvest information for phishing authors to execute their plans to extract information through SPAM/SCAM emails which contains fake bank login pages.



Due to the nature and functions of the NanoCore Trojan, there will always be a possibility that a more dangerous version of it exist, and modified by cybercriminals to improve their success rate in terms of harvesting information. Personal identifiable information from names, credentials up to valuable government ID numbers fetch a good price in the dark web marketplace.


Securing Internal Network

It is fairly dangerous to be complacent on what we do on our computers, most especially on company owned computers where we log in using our credentials. Better have a system and a phishing intelligence security team where it can scan real time and monitor activities on the computer network where incoming and outgoing connections is heavily monitored through whitelisting.

It is also agreeable to get detected phishing sites down for the sake of security and safety on the web. Besides it is logical to protect one’s own company image offline and online. Intellectual property owners are expected to protect it from being used illegally, because it can eventually damage a company’s reputation knowing how fast information spread nowadays.

About the author

Leave a Reply