Attackers exploiting various remote control tools

2022-10-11 AhnLab Attackers exploiting various remote control tools

https://asec.ahnlab.com/ko/39761/

AhnLab reviews how attackers abuse legitimate remote administration tools and malicious RATs to take control of infected systems. The report distinguishes backdoors, remote shells, Remote Access Trojans, and normal tools such as AnyDesk and TeamViewer that can be misused after intrusion. It notes that remote-control capability is often an intermediate stage in larger enterprise attacks, enabling lateral movement, information theft, and later ransomware deployment. Examples include commercial or leaked RAT families such as Remcos, AveMaria, BitRAT, RedLine, and NanoCore, alongside legitimate administration software used to blend into victim environments.

Indicators of Compromise

