Overview of Backdoors
A backdoor is a piece of malicious code that is designed to allow surreptitious access to a compromised system or systems. Backdoors may be delivered through a variety of mechanisms, including phishing, droppers, and downloaders. Backdoors range in complexity from very simple tools that provide little more than a reverse shell to adversaries, to much more complicated tools with a wide array of “modules” that can increase the functionality of the program.
Backdoor programs will often run entirely in memory to avoid detection, and will often establish multiple forms of persistence so that they survive reboots and attempts to remove them.
Backdoors vs Remote Administration Tools vs Remote Access Trojans
One area that is widely misunderstood when discussing backdoors is how they materially differ from remote administration tools and remote access trojans (both referred to as RATs). While all of these tools share a similar objective, allowing another user remote access to a system, the difference lies in their use cases and program complexity.
Backdoors are code developed with malicious intent and are typically relatively simple tools that provide a user with command line access to a system. While more complex backdoors exist, these tend to be the exception rather than the rule.
Remote Administration Tools (RAT)
A remote administration tool (RAT) is typically a tool that was designed for legitimate system administration (often by remote help desks) but that has been repurposed by criminals to remotely administer a compromised system. RATs typically have full graphical user interfaces (GUIs) and provide the user with a much wider degree of control over the system.
Remote Access Trojans (RAT)
A remote access trojan (also RAT) is typically a tool that was designed with malicious intent to allow undetected control of a compromised system. These RATs likewise feature a graphical user interface and often include different modules to “extend” the capabilities of the RAT dynamically.