Remote Access Trojan Scam Explained
Key Points
- The segment begins by exposing a common tech‑support scam where impostors pose as “John” and push malicious “disinfection” software that actually installs a Remote Access Trojan (RAT).
- A RAT is explained as a Trojan‑type malware that lets an attacker remotely control a computer, capture keystrokes, view the screen, access files, inject additional malware, and even activate webcams and microphones.
- While legitimate remote‑access tools exist for help‑desk troubleshooting, when abused by malicious actors they become dangerous RATs, granting total control over the victim’s system.
- The primary infection method described is social engineering: attackers create fear, uncertainty, and doubt (FUD) and a false sense of urgency to trick users into downloading and executing the malicious software without critical thinking.
Sections
- Tech Support Scam & RAT Warning - The segment exposes a fraudulent “technical support” ploy that installs a Remote Access Trojan, explaining how RATs masquerade as helpful software and detailing the extensive control they give attackers over a victim’s computer.
- User Self-Infection via Social Engineering - The speaker explains how users unwittingly install remote access malware through malicious sites, fake antivirus pop‑ups, and phishing emails.
- Validate Calls, Secure Software Access - The speaker advises treating unsolicited calls as suspicious, confirming contact numbers independently, downloading software only from trusted sources, employing antivirus/EDR tools, and enabling multi‑factor authentication to prevent RAT compromises.
Full Transcript
**Source:** [https://www.youtube.com/watch?v=zTxuuYayUag](https://www.youtube.com/watch?v=zTxuuYayUag)
**Duration:** 00:08:51

- [00:00:00](https://www.youtube.com/watch?v=zTxuuYayUag&t=0s) **Tech Support Scam & RAT Warning**
- [00:03:03](https://www.youtube.com/watch?v=zTxuuYayUag&t=183s) **User Self-Infection via Social Engineering**
- [00:06:07](https://www.youtube.com/watch?v=zTxuuYayUag&t=367s) **Validate Calls, Secure Software Access**

Hello, this is John from Technical Support.
We see some unusual activity on your computer and we think you may be infected with the virus.
But don't worry, we have special disinfection software.
Go to this website, download that, and it will help you clean your system.
Only problem with that scenario
is I'm not from technical support.
There's no virus on your computer.
In fact, my name is not even John.
And in fact, that special disinfection
software -- that's about to make things worse.
Let's take a look.
Okay, what just happened there?
Well, you've been hit by a RAT and a bad one.
And yes, there are, in fact, good ones.
But we're going to talk about the bad ones in this video.
What's a RAT? Well, it's a Remote Access Trojan.
A trojan is short for Trojan horse.
It's basically a piece of malware that's wrapped inside another piece of software.
So maybe it's a program that proclaims to do something good or harmless or entertaining.
But in fact, there's bad stuff inside it.
Remote access refers to the fact
that a bad guy is going to be able to remotely control your system.
So here's our bad guy and what he's going to be able to do once he has
the RAT installed on your system, that special software,
he's going to be able to see everything you type on your keyboard, including all your passwords.
In fact, he can even type things in as if you had typed them in--complete control.
He's going to see everything that comes up on your monitor.
So all the sensitive, confidential information you might be reviewing--not only today,
but a week from now, he'll still be able to see everything that you see.
He'll be able to have direct access to your disk.
He'll be able to put malware on there, maybe ransomware, maybe encrypt all your files
and make you pay him in order to get that information back--or just delete it all.
He's going to have access to your webcam
and to the microphone on your laptop.
How about that for creepy?
In other words, he can turn these things on even when you're not aware of it
and see everything you do and listen to everything you say.
That's what a remote access trojan would do.
There's other things called remote access tools that can be used by Help Desk for legitimate reasons
in order to do a couple of these kinds of things, to see what's
working on your system and help you diagnose the problem.
But in the hands of a wrong actor,
this becomes a RAT, a trojan.
And this guy has complete control over your system.
Okay, let's see how these different types of infections
can occur where you become infected with a RAT.
So the first one we already took a look at.
This is basically a social engineering attack.
And in this case, the bad guy is going to call this guy.
And when he does, he's going to instill in him a sense of fear,
uncertainty and doubt. FUD.
There's going to be a sense of urgency.
You need to do something now because we don't want you to stop and really think about this.
We want you to just act.
And what this guy is going to do is go on to his laptop.
He's going to go over to the site that is controlled by the bad guy.
He's going to download this stuff and now his system is infected with the RAT.
And this guy has complete control over his system.
Let's take a look at another example.
How about a pop-up occurs?
This guy is on his laptop, minding his own business, surfing the web,
and all of a sudden a pop-up appears on his system.
And the pop-up gives him instructions.
The instructions could be that he just goes to this site and downloads
the disinfection software because it's telling him “you've got a virus.” And by the way,
this is from some well-known antivirus company that it claims to be that it really isn't.
Or it could be that it tells him to use his phone and call.
And then the person he calls leads him through the same type of scenario,
but the same results occur in both of these.
The pop-up is just the way to initiate the action.
But the user is actually infecting themself in both of these cases.
And then one more that we'll take a look at is a more silent kind of case.
In this case,
they're going to get an email--it’s going to come from the bad guy into his system.
And this email is like a phishing email or something of that sort.
And it's going to tell him to click on a link.
It may not tell him that he's been infected, or it might, it could be either one of these circumstances.
It could say that it's coming from his bank and he needs to install new software in order to access his account.
Or it could say we're from such and such
antivirus company or such and such operating system company,
and we found the virus and we need you to install the software.
Once again, same scenario.
He goes over to the bad guy’s site, downloads
an app, downloads software, and now he's under complete control.
This guy now has a command and control server that allows him to do whatever he wants on the good guy’s system.
Okay, so what can you do to prevent this from happening to you?
Well, there's a lot of things. In fact, that's the good news.
First and most important, have a good backup.
If everything else fails, you want to be able to go to your backup and recover.
So make sure you have that. Do that now.
Next thing is, make sure that you patch your systems.
I know it's inconvenient sometimes to stop what you're doing and put on all of those
vendor patches from all the different apps and all the different OSes.
But if you don't, there may be a vulnerability that the bad guy is going to exploit
that gives him the remote access trojan capability onto your system.
Another one is learn the tactics, techniques and procedures (TTPs) of the bad guys.
In other words, how do they go about doing what they do?
If you understand how your adversary works, then you'll have a much better
idea of how to avoid what they do and you won't fall victim to it.
So be aware.
Educate yourself.
Then, if you do think you need to call tech support for a problem.
If they call you and report that they found an issue.
I'm going to tell you, first of all, generally operating
system companies do not call customers out of the clear blue.
So you should suspect that something is up.
Neither do application vendors for the most part either.
So if you do think for some reason you want to check this out, say,
“Okay, I'll give you a call back,” and don't take the number that they tell you.
Then you go and look up the number for that company and you call them directly and then you can find out.
So you do a separate call that you've initiated and you know where you're actually calling.
Get all of your software from trusted sources.
Don't go to just any old app store and download stuff
because that may have a trojan inside it and you may have just infected yourself.
So as best possible, know that your software comes from trusted sources.
Use antivirus, endpoint detection and response software.
The EDR stuff is used more in enterprise environments, AV,
very common on user retail systems.
But use these technologies because they can sometimes detect
these RATs, the well-known ones, and stop them in their tracks.
And then as another sort of safety measure, use multi-factor authentication on all of your accounts.
Don't let it just be a user ID and password that gets you in
because the guy controlling the RAT may--remember--control your keyboard and when you type in your password, they get your password.
Then they can log in as you.
But if they also need to have possession of your phone
in order to get your biometric to open the phone up or to get into the app,
you know, with an SMS message that goes to your phone, it makes it harder for them.
Now, of course, they could have a RAT on your phone as well.
So there's a lot of different things that could be involved here.
But multi-factor authentication certainly makes the job harder for the bad guy.
And then one of the other things you could do is basically turn off the camera or put a block, put a
piece of tape, put something over the webcam on your laptop and only take it off when you plan to use it.
That way, if someone is on your system, then they won't be able to see anything
and you'll have at least a little more peace of mind in that case.
They actually make little devices that you can stick on that allow you to slide and open and close the camera.
So look for that kind of capability as well.
So there's a lot of things you can do here.
That's the good news.
And I'll just say, if John from Tech Support
gives you a call, best thing you could do, just hang up.
Don't get infected by a RAT.
Thanks for watching.
If you like this video, please like and subscribe.
And don't forget to hit the notify button so that you'll be aware of other videos like this when they come out.
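
Added example, not part of the video or its transcript: a minimal detection sketch for the two situations the talk describes, a downloaded "disinfection" program that connects out to a command and control server, and a help-desk remote access tool pointed at someone other than the help desk. The tool name `CorpAssist.exe`, the signer, the relay address and all events are constructed assumptions.

```python
# Added example: correlate process starts with outbound connections to spot a
# downloaded "support tool" phoning home. All names and events are constructed.
APPROVED_REMOTE_TOOLS = {"corpassist.exe"}      # hypothetical help-desk tool
APPROVED_RELAYS = {"198.51.100.10"}             # hypothetical help-desk relay
TRUSTED_SIGNERS = {"Example Corp IT"}           # hypothetical publisher
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\")

EVENTS = [  # constructed telemetry, in time order
    {"type": "proc", "host": "pc-01", "pid": 4120, "signer": None,
     "image": r"C:\Users\ana\Downloads\DisinfectTool.exe"},
    {"type": "net", "host": "pc-01", "pid": 4120, "dest": "203.0.113.50"},
    {"type": "proc", "host": "pc-02", "pid": 900, "signer": "Example Corp IT",
     "image": r"C:\Program Files\CorpAssist\CorpAssist.exe"},
    {"type": "net", "host": "pc-02", "pid": 900, "dest": "198.51.100.10"},
    {"type": "proc", "host": "pc-03", "pid": 77, "signer": None,
     "image": r"C:\Users\bo\Downloads\viewer.exe"},   # never connects out
    {"type": "proc", "host": "pc-04", "pid": 512, "signer": "Example Corp IT",
     "image": r"C:\Program Files\CorpAssist\CorpAssist.exe"},
    {"type": "net", "host": "pc-04", "pid": 512, "dest": "203.0.113.50"},
]

def classify(proc, dest):
    """Return a rule name if this process/connection pair looks like RAT activity."""
    image = proc["image"].lower()
    name = image.rsplit("\\", 1)[-1]
    if dest in APPROVED_RELAYS:
        return None                      # traffic to the real help-desk relay
    if name in APPROVED_REMOTE_TOOLS:
        return "remote-tool-unapproved-relay"
    if any(d in image for d in USER_WRITABLE) and proc["signer"] not in TRUSTED_SIGNERS:
        return "unsigned-download-outbound"
    return None

def find_alerts(events):
    """Join net events to the process that made them and apply the rules."""
    procs, alerts = {}, []
    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["type"] == "proc":
            procs[key] = ev
        elif key in procs:
            rule = classify(procs[key], ev["dest"])
            if rule:
                alerts.append((ev["host"], rule, ev["dest"]))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(alert)
```

The unsigned download on pc-03 raises no alert because it never connects out; the rules key on the combination of origin, signer and destination rather than on any one of them.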