Silence of the RATS (They See You, You Don't See Them)

Transcript

1. Silence of the RATs ( They see you, you don’t

   see them ) Gurzu Inc. Date: 2026/04/15 By: Bimal pariyar

2. What is a RAT? AGENDA 1 How RATs Get In

   2 How RATs Hide 3 What Can a RAT Do? 4 Famous RATs 5 Warning Signs 6 Prevention 7 Q&A 8 Key Takeaways 9

3. A Remote Access Trojan is malware that provides the attacker

   remote access and full control of the infected computer or server without the owner's knowledge or consent." Key distinction: professionals call legit tools "remote access tools" and malicious ones "remote access Trojans." Same technology, completely different intent • It's a Trojan, disguised as something harmless • Not a virus that breaks things. A spy that watches everything. • You won't get a notification or alerts.You don’t even see what’s happening. What is a RAT (Remote access Trojan)?

4. How RATs Get In They don't break in. You let

   them in just without knowing it. • Phishing emails with malicious attachments ("Your invoice is attached!") • Clicking a malicious link in an email, message, or social media post • Scanning a QR code that triggers a silent download • Visiting a compromised website (drive-by download no click needed) • Plugging in a found or gifted USB drive

5. How RATs Hide Getting in is only half the job.

   Staying hidden is the other half. • Renames itself to look like a legit system process (e.g. svchost.exe, chrome.exe) • Disables or tampers with your antivirus on arrival • Buries itself in startup tasks and the Windows registry to survive reboots • Hides its files from your file explorer and task manager • Sends stolen data over encrypted HTTPS — looks like normal browsing traffic

6. What Can a RAT Do? Once inside, the attacker has

   full control. Here's the menu: • Watch your screen in real time • Record your microphone without the indicator light • Access your webcam silently (the light can be disabled) • Log every keystroke — passwords, messages, card numbers • Browse, copy, move, or delete any file on your machine • Take full control of your mouse and keyboard • Use your device to attack other targets — you become the hacker • Steal saved passwords, session cookies, and banking credentials • Take automatic screenshots every few seconds

7. Famous RATs: RAT Cases DarkComet Syrian government used it to

   spy on activists — capturing webcam feeds and private messages. GhostNet RATs deployed across 103 countries, spying on governments, embassies, and NGOs. Blackshades Sold for $40 online. Used to spy on people on their own laptop’s webcam. Cellik A recent Android RAT featuring a one-click APK builder and real-time screen streaming to the attacker Quasar RAT Free and publicly available RAT. Axios RAT Supply chain attack on a 100M/week npm library. Auto-installed on developer machines silently.

8. Warning Signs RATs are quiet but not perfectly quiet. Watch

   for: • CPU or GPU spiking when you're doing nothing • Unusual outbound network traffic, especially late at night • Webcam light flickering on by itself • System noticeably slower than usual for no reason • Antivirus was disabled and you didn't do it • Files appearing, moving, or disappearing on their own • New startup entries or scheduled tasks you don't recognise • Passwords suddenly stopped working

9. Prevention The best RAT is one that never got in.

   • Keep your OS and software updated patches close the doors RATs use • Never open unexpected attachments, even from people you know verify first • Enable MFA/2FA everywhere, stolen credentials are useless without the second factor • Open suspicious files in a sandbox or VM, not your main machine • Monitor outbound network traffic unusual activity at 3am is a red flag

10. Q&A

11. Key Takeaways If you forget everything else, remember this: •

    RATs are silent, powerful, and easier to deploy than you think • They arrive via phishing, bad downloads, and QR codes • Once inside: your webcam, mic, keyboard, and files are all fair game • QR codes are the new phishing link always preview the URL • Always use MFA/2FA for all your logins