ESET Research uncovers variants of AsyncRAT, popular choice of cybercriminals
Created: 2025-07-16 03:28:50
- ESET Research has released insights into the landscape of AsyncRAT, a remote access tool (RAT), and its numerous variants.
- The analysis uncovers their unique interconnections, and documents how these variants can be distinguished.
- The widespread availability of frameworks such as AsyncRAT significantly lowers the barrier to entry for aspiring cybercriminals.
PRAGUE, BRATISLAVA — July 15, 2025 — ESET Research is releasing its analysis of AsyncRAT — a remote access tool (RAT) designed to remotely monitor and control other devices. Over the years, AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of its variants and forks (customized and improved versions of the original tool). The published analysis provides an overview of the most relevant forks of AsyncRAT, drawing connections between them and showing how they have evolved.
AsyncRAT, an open-source RAT, was released on GitHub in 2019 by a user going by the name of NYAN CAT. It offers a wide range of typical RAT functionalities, including keylogging, screen capturing, credential theft, and more. Its simplicity and open-source nature have made it a popular choice among cybercriminals, leading to its widespread use in various cyberattacks.
“AsyncRAT introduced significant improvements, particularly in its modular architecture and enhanced stealth features, making it more adaptable and harder to detect in modern threat environments. Its plug-in-based architecture and ease of modification have sparked the proliferation of many forks, pushing the boundaries even further,” says ESET researcher Nikola Knežević, author of the study.
Ever since it was released to the public, AsyncRAT has spawned a multitude of new forks that have built upon its foundation. Some of these new versions have expanded on the original framework, incorporating additional features and enhancements, while others are essentially the same version in different clothes. The most popular variants among attackers, according to ESET telemetry, are DcRat, VenomRAT, and SilverRAT.
DcRat offers a notable improvement over AsyncRAT in terms of features and capabilities, while VenomRAT is packed with further additional features. However, not all RATs are serious in nature, and this applies equally to AsyncRAT forks. Clones like SantaRAT or BoratRAT are meant to be jokes. Despite this, ESET has found instances of real-world malicious usage of these in the wild.
In its analysis, ESET Research has cherry-picked some lesser-known forks, too, as they enhance AsyncRAT’s functionality beyond the features included in the default versions. These exotic forks are often the work of one person or group, and they make up less than 1% of the volume of AsyncRAT samples.
“The widespread availability of frameworks such as AsyncRAT significantly lowers the barrier to entry for aspiring cybercriminals, enabling even novices to deploy sophisticated malware with minimal effort. This development further accelerates the creation and customization of malicious tools. This evolution underscores the importance of proactive detection strategies and deeper behavioral analyses to effectively address emerging threats,” concludes Knežević.
For a more detailed analysis and technical breakdown of various AsyncRAT variants and forks, check out the latest ESET Research blog post, “Unmasking AsyncRAT: Navigating the labyrinth of forks,” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.
BoratRAT promotional logo
About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.