Are RATS that elusive that they are not detected by AV security software like AVG, Kaspersky etc?
RATs are not different to malware per se in that regard.
Malware either gets onto your system, because
1) It is very new and not yet detected by an antivirus program. OR
2) Parts of your antivirus program are not configured correctly or disabled.
What is rather RAT specific: Once the attacker gains control of your system, they can do anything they like. That includes setting scan exceptions for the RAT executable in your antivirus, or disabling updates of the antivirus or the antivirus itself. This will prevent future detections by your antivirus software and ensures that the RAT stays on the system for as long as possible.
Usually, if a malware is entirely new and evades antivirus, it takes a few hours or up to a few days until antivirus picks up on the malware. RATs often circumvent this by the behaviour mentioned above.
And if you though you might be infiltrated by a RAT doesn't it require Windows operating system to work correctly if you are using say Windows 10 and think you have an infection? I am curious as to how the remote works. If say you run an android emulator on your desktop would the programs IN the emulator be safe from tampering or hacking by the RAT? Since it is a virtual android operating system per say and NOT Windows OS. I am trying to get more insight and understand the nature of these horrible trojans.
If the RAT is working on the host, the RAT operator also has full control of anything that happens inside an emulator or sandbox within the host system.
The other way around is usually not possible unless there are exploits that allow the malware break out.
If you have a Windows host system and an Android emulator running in the host, a RAT infecting the Android system
will usually not be able to do anything to the host.
Same as above, but the RAT infects the Windows host
. The RAT itself will usually not spread to the Android system. That would require the RAT to work on both operating systems which is very uncommon. However, the operator of the RAT can do anything they like to the Android system because the host has control of it. They can infect the Android system with a different malware if they wish.
The worst thing about RATs is that the actions by the operator are unpredictable. For any other malware, if I (or any other malware analyst) get hands on the executable, I can tell you exactly what it is capable of and what it won't do to the system.
A RAT allows full control to a human, so we never know what is being done to the system and cannot exclude anything.
Due to that we always recommend repaving
the operating system after RAT infection, that means, reformat the HDD and reinstall the operating system.
A system that was infected by a RAT cannot be trusted again.