Borat RAT: A “unique” triple threat that is far from fun


A new Remote Access Trojan (RAT) may have an amusing name to some, but its capabilities show the malware is no laughing matter.

Dubbed Borat RAT, Cyble Research Labs said in a recent malware analysis that the new threat is not content with standard remote access capabilities; instead, Borat RAT also includes spyware and ransomware functions.

According to cybersecurity researchers, the Trojan horse, named after the character adopted by comedian Sacha Baron Cohen, is offered for sale to cybercriminals in underground forums.

Borat RAT has a centralized dashboard and comes with a builder, feature modules, and server certificate.

The malware’s capabilities are extensive and include a keylogger, a ransomware encryption and decryption component – as well as the ability for users to generate their own ransom notes – and an optional Distributed Denial of Service (DDoS) feature to “disrupt normal traffic from a targeted server,” according to Cyble.

Image: Some of Borat RAT’s marketed abilities (credit: Cyble)

The use of “RAT” in the name is a hint of the malware’s monitoring and remote control capabilities. Borat RAT can remotely record audio from a machine by compromising its microphone, capture webcam footage and also contains a host of remote control options: hijack a mouse or keyboard, take screenshots, modify system settings and steal and delete files.

Borat RAT uses process mining to compromise legitimate processes on a target machine and also supports reverse proxies, allowing it to stay under the radar while performing malicious activity.

The malware will harvest data, including operating system information, before sending it to an attacker-controlled command-and-control (C2) server. Additionally, Borat RAT will focus on browser information such as cookies, browser histories, bookmarks and favorites, and account credentials.

Browsers such as Chrome and Chromium-based Microsoft Edge are impacted. Discord tokens can also be stolen.
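The browser and Discord credential theft described above leaves a recognizable trace on the endpoint: a process that is not the browser (or the Discord client) opening that application's password, cookie or token store. The following is an added illustration, not code from the article or from Cyble, of how a defender can flag such reads in file-access telemetry. It assumes the standard Windows profile paths for Chrome, Edge and Discord, and the events it runs over are constructed sample data, not real logs.

```python
"""Flag reads of browser/Discord credential stores by processes that do not own them.

Added example for the article above; the event records are constructed, and the
store locations are the usual Windows per-user paths (assumed, not from the article).
"""
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    pid: int
    process: str  # image name of the process performing the read
    path: str     # file that was opened for reading


# Stores an infostealer goes after, each paired with the only process that
# legitimately opens it. '*' covers the user name, the browser profile and, for
# cookies, both the old "<profile>\Cookies" and the newer "<profile>\Network\Cookies".
SENSITIVE_STORES = {
    "chrome_login_data": (r"C:\Users\*\AppData\Local\Google\Chrome\User Data\*\Login Data", {"chrome.exe"}),
    "chrome_cookies":    (r"C:\Users\*\AppData\Local\Google\Chrome\User Data\*\Cookies", {"chrome.exe"}),
    "edge_login_data":   (r"C:\Users\*\AppData\Local\Microsoft\Edge\User Data\*\Login Data", {"msedge.exe"}),
    "edge_cookies":      (r"C:\Users\*\AppData\Local\Microsoft\Edge\User Data\*\Cookies", {"msedge.exe"}),
    "discord_tokens":    (r"C:\Users\*\AppData\Roaming\discord\Local Storage\leveldb\*", {"discord.exe"}),
}


def classify(event: FileEvent):
    """Return the name of the sensitive store the event touches, or None."""
    path = event.path.lower()
    for name, (pattern, _owners) in SENSITIVE_STORES.items():
        # fnmatchcase on lower-cased strings: case-insensitive, no OS-specific normalisation
        if fnmatch.fnmatchcase(path, pattern.lower()):
            return name
    return None


def detect(events):
    """Return (pid, process, store) for every read of a store by a process that does not own it."""
    hits = []
    for ev in events:
        store = classify(ev)
        if store is None:
            continue
        owners = SENSITIVE_STORES[store][1]
        if ev.process.lower() not in owners:
            hits.append((ev.pid, ev.process, store))
    return hits


# Constructed sample telemetry: one benign browser/Discord read each, three reads
# by an unrelated process (pid 5508) and one unrelated document read.
SAMPLE_EVENTS = [
    FileEvent(4120, "chrome.exe",   r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileEvent(5508, "svchost.exe",  r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileEvent(5508, "svchost.exe",  r"C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies"),
    FileEvent(6012, "discord.exe",  r"C:\Users\alice\AppData\Roaming\discord\Local Storage\leveldb\000005.ldb"),
    FileEvent(5508, "svchost.exe",  r"C:\Users\alice\AppData\Roaming\discord\Local Storage\leveldb\000005.ldb"),
    FileEvent(1188, "explorer.exe", r"C:\Users\alice\Documents\notes.txt"),
]


if __name__ == "__main__":
    for pid, process, store in detect(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} process={process} read {store}")
```

The owner allowlist is the whole point: the stores are read constantly by the browser itself, so path matching alone is noise, while a non-browser process touching them is a strong signal. In production this logic would run over EDR or Sysmon file-read events and would also want the parent process and the time between the read and any outbound connection, since a stealer reads the store and then ships it to its C2.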

Cyble says the malware can also perform other functions to “disturb” its victims, including playing audio, swapping mouse buttons, showing or hiding the desktop and taskbar, freezing the mouse, tampering with the webcam light, turning off the monitor, and more.

Despite its name, the remote control, spyware and ransomware capabilities make Borat RAT a powerful strain of malware to watch out for. Cyble intends to monitor the development of the “unique” malware in the future.
