Remote Access Trojan

Gh0st RAT

First seen: 2008 • Status: active

Currently Active Threat

Gh0st RAT is a free spy program whose code was shared publicly, so now many different hackers use their own versions of it for attacks.

Overview

Gh0st RAT is an open-source RAT originally developed in China. Its source code availability has led to widespread use by various threat actors and numerous variants with enhanced capabilities.

Also Known As

Gh0st, Ghost RAT, Moudoor

How It Spreads

  • Spear phishing
  • Exploit kits
  • Malicious downloads

What It Does

  • Remote desktop access
  • Keylogging
  • Webcam capture
  • Microphone recording
  • File management

Is your business exposed?

Target Platforms

Windows

Detection Tips

  • Monitor for Gh0st network traffic patterns
  • Check for known Gh0st variants signatures
  • Analyze process injection activity
  • Review startup locations for persistence

MITRE ATT&CK Techniques

T1021, T1056, T1125, T1123, T1083

If You're Infected

  1. 1.

    Terminate Gh0st RAT processes

  2. 2.

    Remove persistence mechanisms

  3. 3.

    Block C2 communications

  4. 4.

    Reset compromised credentials

Related Malware

Poisonivy, Njrat, Darkcomet

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices