Lost Door RAT

Lost Door RAT is a remote access trojan (RAT), also known as a remote administration tool, that can be used against Windows XP, Windows Vista, and Windows 8 through 10 to gain unauthorized access to a system. This is one of the few malicious tools that are openly available for purchase on the publicly accessible Internet, as opposed to the Deep or Dark Web. Lost Door RAT is not a new threat, but is easily customizable and can be hard for IT administrators to defend and protect against. Lost Door RAT has recently been observed leveraging routers’ 'Port Forward' feature, allowing a remote attacker to gain access to specific computer within a personal or business network. This capability also allows the attacker to obfuscate their malicious traffic as normal, helping to avoid detection. Once installed, the RAT can be customized, and the newest version, Lost Door E-Lite v9.1, includes encrypted data exchange and streaming of the victim's webcam.


  • May 2016: Lost Door RAT is openly available on social media websites such as Facebook, YouTube, and the malicious actor's blog, where there are videos and instructions on how to use the RAT. (TrendMicro)

Technical Details

TrendMicro provides technical details on the Lost Door RAT, available here.

One example of the Lost Door RAT. Image Source: Softpedia