RATs explained: The invisible malware taking over your phone and bank account

Imagine this scenario: a stranger sitting in your chair, using your computer or phone, looking through your photos, messages and logging into your bank account, all while you are sitting right there but unaware.

While this sounds like something straight out of a sci-fi film, it's scary to think it's actually a reality and its a malicious software known as a RAT, or Remote Access Trojan.

RATs are becoming one of the fastest-growing and most dangerous tools in a cybercriminal’s arsenal, and can turn your personal device into a tool for surveillance and theft.

What is a RAT?

The term "Trojan" comes from the Greek myth of the Trojan Horse: a giant wooden horse presented as a gift that secretly held soldiers inside to destroy the city. The name is not original but the malware itself is not something to scoff at.  

In the digital world, a Remote Access Trojan works the same way. It is a program that pretends to be something you want or need, like a software update, a game, or a document, but hidden inside is a "backdoor".

Unlike a standard virus that might just crash your computer, a RAT is designed to give a hacker full control over your device from anywhere in the world. Once infected, the criminal can basically do anything on your computer that you can do.

So how does it get in?

The oldest trick in the hacker's book is "social engineering." Common methods include:

Phishing Emails: You receive an email with an attachment or link that looks legitimate but installs the RAT when clicked.

Fake Calls: A booming scam involves criminals calling victims claiming to be from a bank, courier, or government department. They claim there is an "urgent problem" with your account and instruct you to download an app to fix it. That app is the RAT.

Infected downloads: Torrents or free versions of expensive software often carry these hidden intruders.

Once the RAT is installed, it connects your device to the hacker's computer. It is designed to be invisible,  so you might not see any pop-ups or warnings.

With this access, criminals can do anything they want as the device is basically theirs, in a way.

Hackers can turn on your webcam to watch you or listen through your microphone without the recording light turning on.

They could record every key you type, 'watch' you capture passwords, usernames, and private messages.

It gets scarier. In sophisticated banking scams, the fraudster watches your screen in real-time. When you log in to your bank, they intercept the One-Time Pins (OTPs) sent to your phone and make transactions as if they were you.

 They can even use your computer’s power to mine cryptocurrency, which slows down your device and drives up your electricity bill.

How do you know if your device is infected?

While RATs try to hide, there are subtle signs that something is wrong.

If your mouse cursor moves on its own or files open without you clicking them, disconnect from the internet immediately.

It's also advisable to be wary if your webcam light turns on when you aren’t on a video call.

If your computer suddenly runs very slowly, becomes hot, or the fan runs noisily when you aren’t doing heavy work, a RAT might be running in the background.

How to Stay Safe

Scammers thrive on urgency, so if someone calls to claim your account is about to be blocked, hang up and call the company back on their official number.

Put a sticker or cover over your webcam when you aren’t using it.

Only download apps from official app stores (like Google Play or the Apple App Store) and never install software at the urging of a stranger on the phone and if you think you are infected, turn off your Wi-Fi or unplug your ethernet cable immediately to cut the hacker's connection.

IOL