Top Remote Access Trojans (RATs) 2026
The most active RATs and keyloggers ranked by sample volume.
AsyncRAT
rat ↓ Declining 18%An open-source .NET remote access trojan widely adopted by threat actors for its extensibility, ease of deployment, and active community development.
QuasarRAT
rat ↓ Declining 50%A lightweight open-source remote administration tool for Windows, widely repurposed by both cybercriminals and nation-state actors for persistent remote access.
Remcos RAT
ratA commercial remote access tool frequently abused by threat actors for surveillance, credential theft, and persistent backdoor access.
Snake Keylogger
keyloggerA .NET-based keylogger and credential stealer sold on underground forums, notable for its multiple data exfiltration channels and aggressive harvesting capabilities.
What Are Remote Access Trojans?
Remote Access Trojans (RATs) give attackers persistent, hidden control over infected systems. Unlike infostealers that grab data and exit, RATs maintain a backdoor — enabling keylogging, screen capture, file exfiltration, and lateral movement across networks. They're the tool of choice for targeted attacks, APT campaigns, and ransomware pre-positioning.
Open-source RATs like AsyncRAT and QuasarRAT are widely used because they're free, customizable, and well-documented. Commercial RATs like Remcos offer polished C2 panels and are sold as "legitimate remote administration tools" — a thin legal veneer over their primary use in cybercrime.