Security news aggregator

Latest coverage for Remote Access Trojan

Coverage of remote access trojans examines malware controlling compromised devices, including incidents, analysis, infrastructure, disruption, and defenses.

9 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A remote access trojan (RAT) is malware that gives an unauthorized operator remote control over an infected device. Depending on its design, it may execute commands, browse or copy files, log keystrokes, capture screens, or use a microphone or camera. RATs commonly communicate with attacker-controlled command-and-control infrastructure; capabilities and persistence vary, so reporting should identify the specific family or tool rather than assume every RAT has the same functions.

The main concerns are covert access, exposure of sensitive data, and use of the host to deploy additional malware or alter systems. Defenders should monitor endpoint processes and network behavior, restrict unnecessary outbound connections, keep software patched, and use endpoint controls that can detect unusual remote-control activity. If a RAT is suspected, isolate the device, preserve relevant logs and malware samples, investigate related accounts and hosts, and rotate credentials after containment; blocking one server alone may not remove persistence.

Volume over time

Weekly headline count for the current query.

Showing 9 most recent headlines Filtered view
Trend Micro Research, News and Perspectives 2 weeks, 6 days ago

TONResolver RAT Abuses TON Blockchain to Target Japan's Hotel Industry

In this blog entry, TrendAI™ Research examines a wave of phishing emails observed in May 2026 that targeted Japanese accommodation facilities using Booking.com, detailing the victims, attack techniques used, and characteristics of the malware involved.

TrendAI™ Research breaks down Quasar Linux (QLNX), a previously undocumented sophisticated Linux RAT with low detection rates. In this blog, we examine a full-featured Linux threat incorporating a rootkit, a PAM backdoor, credential harvesting, and more, revealing how this malware enables stealthy access, persistence, and potential supply-chain attacks.

A supply chain attack hit Axios when attackers used stolen npm credentials to publish malicious versions containing a phantom dependency. This triggered a cross-platform RAT during installation and replaced its files with clean decoys, making detection challenging.

Trend Micro Research, News and Perspectives 6 months, 1 week ago

Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response

Threat actors exploited Cloudflare's free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations.

Trend Micro Research, News and Perspectives 4 years, 2 months ago

NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service

This report focuses on the components and infection chain ⁠of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver.