Thursday, May 8, 2025
HomeCyber Security NewsHackers are Increasingly Using Remote Admin Tools to Control Infected Systems

Hackers are Increasingly Using Remote Admin Tools to Control Infected Systems

Published on

SIEM as a Service

Follow Us on Google News

Recently, there has been a rise in incidences of hackers using “Remote Administration Tools” to control the infected system and bypass protection technologies.

Remote administration tools are software that allows managing and controlling terminals from a remote location. 

The tools can be used for work-from-home purposes as well as remote control, management, and maintenance of unmanned devices. “Remote Administration Tools,” or RATs, are legitimately utilized remote control tools.

- Advertisement - Google News

“By installing remote administration tools in a target system, the threat actor was able to simultaneously obtain control over the system and bypass anti-malware security products”, AhnLab shared in a report with GBHackers On Security.

Using Remote Administration Tools to Control Infected Systems

AnyDesk is a remote control application with many functions, including file transfer and remote desktop. Remote desktop is a program that allows a user to access and control an environment remotely where RDP or AnyDesk is installed.

In this case, attackers like the Conti ransomware group are known to connect AnyDesk with Cobalt Strike in an attempt to take control of a company’s internal network.

Remote control using AnyDesk
Remote control using AnyDesk

NetSupport is also a remote control program that also offers functions including sharing clipboard contents, taking screenshots, gathering browser history data, managing files, and executing commands.

It doesn’t require an installation process using a standard installer; it can be operated with just the essential internal files. Up until recently, it was disseminated by spam emails that purported to be purchase orders, shipment documents, invoices, or even phishing pages that tricked users into installing it themselves by pretending to be SocGholish software update pages.

NetSupport execution log – EDR detection
NetSupport execution log – EDR detection

Chrome Remote Desktop is a feature that Google provides. The Chrome web browser can be used to operate a system remotely that has the remote desktop program installed and associated with a user account. 

Attacks by the Kimsuky group, which is believed to have North Korean support, are typically carried out to steal technology and confidential data from businesses. To remotely control the compromised system, the group would install malware such as VNC or activate RDP after installing backdoor-type malware.

EDR detection of a suspicious Chrome Remote Desktop execution
EDR detection of a suspicious Chrome Remote Desktop execution

Chrome Remote Desktop has been used to take control of compromised PCs in certain recent situations.

Final Thoughts

AhnLab EDR gathers and provides relevant data, even when users utilize remote administration tools for legitimate remote control reasons. This enables administrators to identify and address suspicious behavior.

Additionally, when suspicious conditions lead to the installation of remote administration tools, these behaviors are recognized as threats, allowing administrators to determine the root cause, take appropriate action, and set up procedures to prevent recurrence.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

OpenCTI: Free Cyber Threat Intelligence Platform for Security Experts

OpenCTI (Open Cyber Threat Intelligence) stands out as a free, open source platform specifically...

LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online

The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber...

Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control

A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers...

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

OpenCTI: Free Cyber Threat Intelligence Platform for Security Experts

OpenCTI (Open Cyber Threat Intelligence) stands out as a free, open source platform specifically...

LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online

The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber...

Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control

A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers...