Зарегистрируйтесь сейчас для лучшей персонализированной цитаты!

Borat RAT malware: A 'unique' triple threat that is far from funny

4 апреля 2022 г Hi-network.com
Cyble

A new Remote Access Trojan (RAT) might have an amusing name to some, but its capabilities show the malware to be no laughing matter.

Recommends

The best security key

While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read now

Dubbed Borat RAT, Cyble Research Labs said in a recent malware analysis that the new threat doesn't settle for standard remote access capabilities; instead, Borat RAT also includes spyware and ransomware functions.

According to the cybersecurity researchers, the Trojan, named after the character adopted by comedian Sacha Baron Cohen, is offered for sale to cybercriminals in underground forums.

Borat RAT has a centralized dashboard and is packaged up with a builder, feature modules, and a server certificate.

The malware's capabilities are vast and include a keylogger, a ransomware encryption and decryption component -- as well as the option for users to generate their own ransom notes -- and an optionally distributed denial-of-service (DDoS) feature for "disrupting the normal traffic of a targeted server," according to Cyble.

Some of Borat RAT's marketed capabilities

Cyble

The use of 'RAT' in the name is a clue to the remote and surveillance features of the malicious software. Borat RAT can remotely record a machine's audio by compromising its microphone, capture webcam footage and also contains a host of remote control options: hijacking a mouse or keyboard, performing screen captures, tamping with system settings, and both stealing and deleting files.

Borat RAT utilizes process hollowing for compromising legitimate processes on a target machine and may also enable reverse proxies to stay under the radar when performing malicious activities.

The malware will harvest data, including operating system information, before sending it to an attacker-controlled command-and-control (C2) server. Furthermore, Borat RAT will hone in on browser information such as cookies, browser histories, bookmarks and favorites, and account credentials.

Browsers such as Chrome and Chromium-based Microsoft Edge are impacted. Discord tokens, too, can be stolen.

Cyble says that the malware can also perform other functions to "disturb" its victims, including playing audio, swapping mouse buttons, showing or hiding a desktop and taskbar, freezing the mouse, tampering with webcam lights, turning off a monitor, and more.

Despite its name, remote control, spyware, and ransomware capabilities make Borat RAT a potent malware strain worth watching. Cyble intends to monitor the development of the "unique" malware in the future. 

See also

  • Indian Patchwork hacking group infects itself with remote access Trojan
  • Konni remote access Trojan receives 'significant' upgrades
  • Remote Access Trojans spread through Microsoft Azure, AWS cloud service abuse

Have a tip?Get in touch securely via WhatsApp Signal at +447713 025 499, or over at Keybase: charlie0


Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Горячие метки: Технологии и оборудование Безопасность и охрана

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.