A RAT (remote access trojan) is a type of trojan malware that disguises itself as harmless software while secretly giving an adversary remote control over the infected device, letting them issue commands, steal data, or activate hardware like a webcam.
A RAT stands for remote access trojan. Like any trojan, it hides inside software that looks safe so you'll run it yourself. The twist is what it does once it's in: it hands an adversary remote control of your device. They can sit somewhere else entirely and issue commands as if they were sitting at your keyboard.
That control is the whole point. Per EK 4.1.B.2, a trojan is malware embedded in software that seems harmless, and a RAT is the version built to give the attacker a backdoor. Once installed, they can view your actions, turn on your webcam or microphone, steal files, or push their own commands to the machine. The CED describes exactly this in EK 4.1.C.1 when it talks about an adversary taking control of a device to issue commands, including commands to steal or destroy information. A RAT is the tool that makes that happen quietly and persistently.
RAT lives in Unit 4: Securing Devices, specifically Topic 4.1 (Device Vulnerabilities and Attacks). It's a named example under learning objective AP Cybersecurity 4.1.B, where you identify the type of malware used in a cyberattack. It also ties directly into 4.1.C (explaining how adversaries exploit vulnerabilities) and 4.1.D (assessing risk), because a RAT is one of the clearest ways an attacker turns a device flaw into total control. Knowing that 'remote control of a device' equals 'RAT' is the kind of fast mapping the exam rewards.
Keep studying AP Cybersecurity Unit 4
Visual cheatsheet
view galleryCommand and Control / C2 (Unit 4)
A RAT is useless without something to talk to. The infected device 'phones home' to a C2 server, which is where the adversary sends commands and receives stolen data. Think of the RAT as the puppet and C2 as the hand pulling the strings.
Trojans and the malware family (Unit 4)
A RAT is a specific kind of trojan, which is malware hidden inside seemingly harmless software (EK 4.1.B.2). Viruses need a user to run a file and worms spread on their own, but a trojan tricks you into installing it. A RAT just adds remote control on top of that disguise.
Keylogger (Unit 4)
Both spy on the user, but a keylogger only records keystrokes while a RAT gives full remote control. Attackers often bundle keylogging as one feature inside a larger RAT, so the keylogger is the narrow tool and the RAT is the whole toolkit.
Device vulnerabilities and unpatched software (Unit 4)
EK 4.1.C.1 says unpatched software lets adversaries take control of a device. A RAT is frequently how that control gets delivered, so the exploit opens the door and the RAT walks through it and stays.
Expect RAT to show up as the answer to 'which type of malware' multiple-choice stems. A question describing an adversary who can remotely view actions, turn on a webcam, or issue commands on a victim's device is pointing at a RAT. Watch for the related stems that ask you to name the exploit code or the unpatched OS itself, because those are different terms, so read carefully and match the description to the exact concept. No released FRQ has used 'RAT' verbatim, but it supports the device-risk analysis that objective 4.1.D expects, where you document how malware that allows remote control raises the risk level for critical devices.
A RAT is the malware installed on the victim's device that grants remote control. C2 is the infrastructure (servers and channels) the attacker uses to send the RAT commands and collect its output. The RAT lives on the target; C2 lives on the attacker's side. They work together, but they're not the same thing.
RAT stands for remote access trojan, a trojan that secretly gives an adversary remote control of an infected device.
It's a named malware example under learning objective AP Cybersecurity 4.1.B in Unit 4.
A RAT lets attackers steal data, run their own commands, and activate hardware like a webcam or microphone (EK 4.1.C.1).
RATs rely on command and control (C2) infrastructure to receive instructions and send back stolen data.
On the exam, a description of remote control over a victim's device is the signal that the answer is a RAT, not a virus or worm.
A RAT is a remote access trojan, malware disguised as harmless software that gives an attacker hidden remote control of your device. Once installed, they can steal files, watch your screen, or turn on your webcam from anywhere.
No. A virus needs a user to run or open a file and spreads by infecting other files, while a RAT is a type of trojan focused on giving an attacker remote control. They're both malware, but the exam expects you to tell the categories apart.
The RAT is the malware sitting on the victim's device, and C2 is the attacker's server-side infrastructure that sends it commands and collects stolen data. The RAT is the puppet; C2 is the puppeteer.
Like any trojan, a RAT hides inside software that looks safe so you install it yourself, or it slips in through an exploit for unpatched software described in EK 4.1.C.1. Once in, it sets up a backdoor for remote control.
Because it gives full remote control, a RAT can impersonate an authorized user, steal sensitive data, or destroy information (EK 4.1.D.1). The risk climbs higher when the infected device stores critical data or runs important services.
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.