Cybercrime: beware of the "RAT", the trojan that can control your cell phone
Cybersecurity specialists warn about a type of attack that allows criminals to remotely control the victim's device to steal banking and personal data.
“The other day I got home and couldn't believe what I was seeing. Ads were playing by themselves on my dad's phone,” comments content creator Agus Cabaleiro, better known as Online Mami, in a TikTok video. The video, which shows how the phone opens more than 100 tabs without the user's control, went viral and many followers reported that the same thing happened to them. “My phone was a paperweight,” declared the influencer.
Cybersecurity experts explain that behind this chilling event lies a type of malware known as RAT, which stands for Remote Access Trojan. "This type of malware allows an attacker to take complete control of the victim's device remotely, as if they were physically handling it," explains Andrés García, solutions engineer at the technology company F5 LATAM.
Cybercriminals' objectives include stealing sensitive information to extort the victim, impersonate them, or sell that information; spying on the user and monitoring all activity in real time; hijacking the device (ransomware); and, lastly, using private information as a tool for blackmail.
However, according to the specialist, the most common and dangerous outcome is the theft of banking and financial credentials. “The attacker can spy when you enter online banking passwords, 2FA codes (one-time passwords that serve as an extra layer of security), and even manipulate the screen to show you fake interfaces that capture your data. They can make fraudulent transfers directly,” he details.
What is a RAT and how does it operate on your phone
A RAT is a type of malware that allows the attacker to have remote access to the device. Unlike other viruses that are easier to detect, this software hides within fake applications, files sent via email, or links on social media. Once installed, it grants absolute control: camera, microphone, messages, browsing history, and even geolocation.
According to reports from Europol, these trojans have already been used for espionage, extortion, and bank theft. The attacker can, for example, turn on the phone's camera at any moment and obtain private images, or intercept verification codes from financial applications.
How is the hacking carried out?
“The victims of this cybercrime are people who do not perfectly master technology or do not have a level of education in digital security,” adds García. There are several ways in which the RAT can infect a phone, with downloading a malicious application being the most common because it raises less suspicion among users.
The solutions engineer describes three ways a RAT infection happens. In addition to downloading an illegitimate application, there is phishing: a user opens an attachment in an email or message (like a PDF or an image) that exploits a vulnerability and installs the malware without them realizing it. The third is the malicious link. “The person clicks on a link sent via SMS or social media, which redirects to a webpage and thus initiates an automatic download of an APK file. That is nothing more and nothing less than the virus,” he says.
The expert's top recommendation to avoid falling for this type of hacking is to distrust applications from unknown sources and always install from Google Play Store or App Store (on iOS). He notes that the "Unknown sources" or "Install unknown apps" option can be disabled in the phone's security settings.
Other tips include being cautious of applications that promise free premium services because they are almost always a trap. Also, keep the operating system updated - this "patches" security vulnerabilities that hackers exploit - and install a recognized antivirus.
“It is important to review the permissions of apps. If a flashlight app asks for access to your contacts and messages, it's a huge red flag,” adds Andrés García.
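The permission review described above can be run across a whole list of installed apps. The following is an added example, not part of the original article or García's remarks: it flags apps installed outside the official store, apps that request more than their category needs, and the SMS-plus-overlay combination that matches the 2FA-code and fake-interface theft mentioned earlier. The inventory format, the per-category policy and the package names are assumptions made for the illustration.

```python
PLAY_STORE = "com.android.vending"  # package name of the Google Play Store app

# Android permissions behind capabilities the article names.
CAPABILITIES = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_SMS": "messages",
    "android.permission.RECEIVE_SMS": "messages",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay",  # draw over other apps
}

# Assumed policy: capabilities each app category plausibly needs.
EXPECTED = {
    "flashlight": {"camera"},
    "messaging": {"messages", "contacts", "camera", "microphone"},
}

# Constructed sample inventory; package names are invented.
INVENTORY = [
    {"package": "com.example.torch", "category": "flashlight",
     "installer": PLAY_STORE, "permissions": ["android.permission.CAMERA"]},
    {"package": "com.example.chat", "category": "messaging",
     "installer": PLAY_STORE,
     "permissions": ["android.permission.READ_SMS", "android.permission.READ_CONTACTS"]},
    {"package": "com.example.freepremium.light", "category": "flashlight",
     "installer": None,  # no store recorded: installed from an APK file
     "permissions": ["android.permission.CAMERA", "android.permission.READ_CONTACTS",
                     "android.permission.READ_SMS",
                     "android.permission.SYSTEM_ALERT_WINDOW"]},
]

def audit(app):
    """Return the list of warning signs for one inventory entry."""
    caps = {CAPABILITIES[p] for p in app["permissions"] if p in CAPABILITIES}
    findings = []
    if app["installer"] != PLAY_STORE:
        findings.append("installed outside the official store")
    excess = caps - EXPECTED.get(app["category"], set())
    if excess:
        findings.append("unexpected access: " + ", ".join(sorted(excess)))
    if {"messages", "overlay"} <= caps:
        findings.append("can read SMS codes and draw over other apps")
    return findings

def report(inventory):
    """Map each flagged package to its findings; clean apps are omitted."""
    return {a["package"]: f for a in inventory if (f := audit(a))}
```

Calling `report(INVENTORY)` returns only the sideloaded flashlight app, with all three findings attached.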
How to react if your phone is compromised
In the event of an attack of this type, the speed of reaction is key to protecting your data. The expert advises following these five steps immediately:
- Disconnect from the Internet: "Turn off mobile data and Wi-Fi immediately. This cuts off the attacker's remote connection and prevents them from continuing to steal data in real-time or blocking your access."
- Do not turn off the phone: "The malware could activate automatically when you turn it back on. The first step is to isolate it from the network."
- Change all your passwords from another device: "Using a computer or another phone that is secure, immediately change the passwords for your email, online banking, social media, and any sensitive app. Activate two-step verification (2FA) on all of them if you didn't have it."
- Contact the bank: "Inform them of the situation regarding the possible compromise of your credentials. They can monitor your accounts for fraudulent activity and guide you on the next steps (blocking cards, changing passwords, etc.)."
- Format the device (Factory reset): "This is the only 100% safe way to eliminate a RAT. After formatting, restore your personal data and reinstall your applications only from the official Google Play or Apple Store."
