Four steps to exterminating RATs controlling your computer

Red horse image imposed atop a circuitboard

With trojan detection numbers on the rise, the attention of security professionals is turning towards the packages which facilitate them.

Remote access trojans (RATs) are a type of malware program that allows hackers to covertly gain administrative control over a victim’s computer. Malicious RAT programs work by infiltrating the computer then connecting back to the hacker, giving them unauthorised access from a remote location.


Decade of the RATs - remote access trojans

Cross-platform APT espionage attacks targeting Linux, Windows and Android


RATs can be as damaging as they sound. Once scurrying around your computer, RATs enable hackers to use your microphone and camera, record on-screen activity, alter personal files, and distribute further malware to other networks. If left unopposed, RAT infections will only worsen.

Fortunately, there are a series of techniques which can be employed to prevent and remove RATs. Read on to learn how to safeguard your computer and keep RATs in the cage.

Individual awareness

Rather obviously, the best way to remove RATs from a computer is to avoid getting them in the first place. The most common route a RAT takes into a computer is through downloaded files, typically sent as attachments in emails.

For organisations with large hubs of administrative staff, meaning a greater number of email addresses to target and a larger risk-surface, employee-awareness of phishing practices must be heightened through comprehensive and recurring training; phishing tactics evolve and so blanket one-day training isn’t sufficient.

Knowing not to open email attachments from unfamiliar addresses, or even the email itself, is a vital step to curtailing malware. Nor should files be downloaded from untrustworthy sources on the web, both of which allow organisations to remain vigilant and clear of any RATs.

Patch management

The second preventative measure is to ensure patch management is constantly up-to-date. Updates are deployed for good reasons, and so it’s essential they are promptly downloaded for both operating systems and browsers alike.

Any time where updates are avoided, whether due to employees being unaware an update is available or if patches are viewed as irritating disruptors to workload, creates a window of opportunity for hackers. For those struggling to keep on top of patch management, it may be time to invest in a patch management tool.

Follow the trail of crumbs

If the worst comes to pass and efforts of prevention are undermined, it’s time to move into the location and removal phases. However, RATs can only be removed once they have first been detected. Therefore it’s vital to know and recognise what signs to look for, the trail of crumbs left by the RAT.

One of the less obvious signs is a slower network connection. Being a symptom related to many ailments, even seasoned IT professionals can be forgiven for experiencing connection issues and not immediately accusing invisible RATs. However, chances are that given a slower operating speed an autopsy is carried out, likely resulting in the inspector coming across an unexpectedly open IP port. This is a clear giveaway that there could be a RAT lurking in the shadows. Also look out for altered or deleted files, and unknown programs installed onto the device.

When suspicions are raised, it’s them time to install security software from a trusted and reliable source - here, exercise caution. Ideally, the computer would be disconnected from the internet to ensure the security probe can itself work undetected. After a full security scan, follow the recommended steps listed by the security software to remove the threat. Once the infection has been successfully removed, all details should be considered compromised. Passwords should be changed and accounts explored to scope out the damage.

Trojan removal tools

Ordinary antivirus scanners aren’t likely to detect encrypted RATs, proven by their ability to live undetected in computers for years. Utilising reputable antivirus and anti-malware solutions do help ensure RATs are unable to properly function, and assist in mitigating any data-collection activities, however the best way to target and remove RATs is through investing in an intrusion detection tool.

Intrusion detection tools are efficient and able to automate much of the removal process. They can contain signatures that can detect trojan packets within network traffic, and if properly configured, can even reliably detect encrypted traffic. Security administrators continue to rely on trojan-specific scanners as they are the only pieces of software that can consistently stamp out a RAT.

Here, the saving grace is that RATs take a lot of time to construct. Typically those employed by hackers are acquired rather than built, meaning that trojan scanners or even more general anti-virus software is able to pull them up. As they are a time-consuming method of attack, they are also generally saved for larger corporations where they provide hackers with a decent ROI. However, since any computer is a target, there’s pay in being prepared.