---
title: "RAT — AP Cybersecurity Definition & Exam Guide"
description: "A RAT (remote access trojan) is malware that gives an adversary hidden remote control of your device. Learn what it does, how it's tested, and how it links to C2."
canonical: "https://fiveable.me/ap-cybersecurity/key-terms/rat"
type: "key-term"
subject: "AP Cybersecurity"
unit: "Unit 4"
---

# RAT — AP Cybersecurity Definition & Exam Guide

## Definition

A RAT (remote access trojan) is a type of trojan malware that disguises itself as harmless software while secretly giving an adversary remote control over the infected device, letting them issue commands, steal data, or activate hardware like a webcam.

## What It Is

A **RAT** stands for *[remote access trojan](/ap-cybersecurity/key-terms/remote-access-trojan "fv-autolink")*. Like any trojan, it hides inside [software](/ap-cybersecurity/unit-4/protecting-devices/study-guide/n86HF5aR65a2DLQwNHDn "fv-autolink") that looks safe so you'll run it yourself. The twist is what it does once it's in: it hands an adversary remote control of your device. They can sit somewhere else entirely and issue commands as if they were sitting at your keyboard.

That control is the whole point. Per EK 4.1.B.2, a trojan is [malware](/ap-cybersecurity/key-terms/malware "fv-autolink") embedded in software that seems harmless, and a RAT is the version built to give the attacker a backdoor. Once installed, they can view your actions, turn on your webcam or microphone, steal files, or push their own commands to the machine. The CED describes exactly this in EK 4.1.C.1 when it talks about an adversary taking control of a device to issue commands, including commands to steal or destroy information. A RAT is the tool that makes that happen quietly and persistently.

## Why It Matters

RAT lives in **[Unit 4](/ap-cybersecurity/unit-4 "fv-autolink"): Securing Devices**, specifically Topic 4.1 (Device Vulnerabilities and Attacks). It's a named example under learning objective [AP Cybersecurity](/ap-cybersecurity "fv-autolink") 4.1.B, where you identify the type of malware used in a cyberattack. It also ties directly into 4.1.C (explaining how adversaries exploit vulnerabilities) and 4.1.D (assessing risk), because a RAT is one of the clearest ways an attacker turns a device flaw into total control. Knowing that 'remote control of a device' equals 'RAT' is the kind of fast mapping the exam rewards.

## Connections

### Command and Control / C2 (Unit 4)

A RAT is useless without something to talk to. The infected device 'phones home' to a C2 server, which is where the [adversary](/ap-cybersecurity/key-terms/adversary "fv-autolink") sends commands and receives stolen data. Think of the RAT as the puppet and C2 as the hand pulling the strings.

### Trojans and the malware family (Unit 4)

A RAT is a specific kind of [trojan](/ap-cybersecurity/key-terms/trojan "fv-autolink"), which is malware hidden inside seemingly harmless software (EK 4.1.B.2). Viruses need a user to run a file and worms spread on their own, but a trojan tricks you into installing it. A RAT just adds remote control on top of that disguise.

### [Keylogger (Unit 4)](/ap-cybersecurity/key-terms/keylogger)

Both spy on the user, but a [keylogger](/ap-cybersecurity/key-terms/keylogger "fv-autolink") only records keystrokes while a RAT gives full remote control. Attackers often bundle keylogging as one feature inside a larger RAT, so the keylogger is the narrow tool and the RAT is the whole toolkit.

### Device vulnerabilities and unpatched software (Unit 4)

EK 4.1.C.1 says unpatched software lets adversaries take control of a device. A RAT is frequently how that control gets delivered, so the exploit opens the door and the RAT walks through it and stays.

## On the AP Exam

Expect RAT to show up as the answer to 'which type of malware' multiple-choice stems. A question describing an adversary who can remotely view actions, turn on a webcam, or issue commands on a victim's device is pointing at a RAT. Watch for the related stems that ask you to name the *exploit code* or the *unpatched OS* itself, because those are different terms, so read carefully and match the description to the exact concept. No released FRQ has used 'RAT' verbatim, but it supports the device-risk analysis that objective 4.1.D expects, where you document how malware that allows remote control raises the risk level for critical devices.

## RAT vs command and control (C2)

A RAT is the malware installed on the victim's device that grants remote control. C2 is the infrastructure (servers and channels) the attacker uses to send the RAT commands and collect its output. The RAT lives on the target; C2 lives on the attacker's side. They work together, but they're not the same thing.

## Key Takeaways

- RAT stands for remote access trojan, a trojan that secretly gives an adversary remote control of an infected device.
- It's a named malware example under learning objective AP Cybersecurity 4.1.B in Unit 4.
- A RAT lets attackers steal data, run their own commands, and activate hardware like a webcam or microphone (EK 4.1.C.1).
- RATs rely on command and control (C2) infrastructure to receive instructions and send back stolen data.
- On the exam, a description of remote control over a victim's device is the signal that the answer is a RAT, not a virus or worm.

## FAQs

### What is a RAT in cybersecurity?

A RAT is a remote access trojan, malware disguised as harmless software that gives an attacker hidden remote control of your device. Once installed, they can steal files, watch your screen, or turn on your webcam from anywhere.

### Is a RAT the same as a virus?

No. A virus needs a user to run or open a file and spreads by infecting other files, while a RAT is a type of trojan focused on giving an attacker remote control. They're both malware, but the exam expects you to tell the categories apart.

### How is a RAT different from command and control (C2)?

The RAT is the malware sitting on the victim's device, and C2 is the attacker's server-side infrastructure that sends it commands and collects stolen data. The RAT is the puppet; C2 is the puppeteer.

### How does a RAT get onto a device?

Like any trojan, a RAT hides inside software that looks safe so you install it yourself, or it slips in through an exploit for unpatched software described in EK 4.1.C.1. Once in, it sets up a backdoor for remote control.

### Why is a RAT considered high risk?

Because it gives full remote control, a RAT can impersonate an authorized user, steal sensitive data, or destroy information (EK 4.1.D.1). The risk climbs higher when the infected device stores critical data or runs important services.

## Related Study Guides

- [4.1 Device Vulnerabilities and Attacks](/ap-cybersecurity/unit-4/device-vulnerabilities-and-attacks/study-guide/HACz1L7MBGLXO5AANWlK)

## Structured Data

```json
{"@context":"https://schema.org","@graph":[{"@type":"LearningResource","@id":"https://fiveable.me/ap-cybersecurity/key-terms/rat#resource","name":"RAT — AP Cybersecurity Definition & Exam Guide","url":"https://fiveable.me/ap-cybersecurity/key-terms/rat","learningResourceType":"Concept explainer","educationalLevel":"AP® / High School","about":{"@id":"https://fiveable.me/ap-cybersecurity/key-terms/rat#term"},"audience":{"@type":"EducationalAudience","educationalRole":"student"},"dateModified":"2026-06-15T18:59:32.492Z","isPartOf":{"@type":"Collection","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"publisher":{"@type":"Organization","name":"Fiveable","url":"https://fiveable.me"}},{"@type":"DefinedTerm","@id":"https://fiveable.me/ap-cybersecurity/key-terms/rat#term","name":"RAT","description":"A RAT (remote access trojan) is a type of trojan malware that disguises itself as harmless software while secretly giving an adversary remote control over the infected device, letting them issue commands, steal data, or activate hardware like a webcam.","url":"https://fiveable.me/ap-cybersecurity/key-terms/rat","inDefinedTermSet":{"@type":"DefinedTermSet","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"educationalAlignment":[{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.1, LO 4.1.A"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.1, LO 4.1.B"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.1, LO 4.1.C"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.1, LO 4.1.D"}]},{"@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is a RAT in cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"A RAT is a remote access trojan, malware disguised as harmless software that gives an attacker hidden remote control of your device. Once installed, they can steal files, watch your screen, or turn on your webcam from anywhere."}},{"@type":"Question","name":"Is a RAT the same as a virus?","acceptedAnswer":{"@type":"Answer","text":"No. A virus needs a user to run or open a file and spreads by infecting other files, while a RAT is a type of trojan focused on giving an attacker remote control. They're both malware, but the exam expects you to tell the categories apart."}},{"@type":"Question","name":"How is a RAT different from command and control (C2)?","acceptedAnswer":{"@type":"Answer","text":"The RAT is the malware sitting on the victim's device, and C2 is the attacker's server-side infrastructure that sends it commands and collects stolen data. The RAT is the puppet; C2 is the puppeteer."}},{"@type":"Question","name":"How does a RAT get onto a device?","acceptedAnswer":{"@type":"Answer","text":"Like any trojan, a RAT hides inside software that looks safe so you install it yourself, or it slips in through an exploit for unpatched software described in EK 4.1.C.1. Once in, it sets up a backdoor for remote control."}},{"@type":"Question","name":"Why is a RAT considered high risk?","acceptedAnswer":{"@type":"Answer","text":"Because it gives full remote control, a RAT can impersonate an authorized user, steal sensitive data, or destroy information (EK 4.1.D.1). The risk climbs higher when the infected device stores critical data or runs important services."}}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"AP Cybersecurity","item":"https://fiveable.me/ap-cybersecurity"},{"@type":"ListItem","position":2,"name":"Key Terms","item":"https://fiveable.me/ap-cybersecurity/key-terms"},{"@type":"ListItem","position":3,"name":"Unit 4","item":"https://fiveable.me/ap-cybersecurity/unit-4"},{"@type":"ListItem","position":4,"name":"RAT"}]}]}
```
