Researchers from threat intelligence firm Cyble discovered a new RAT, named Borat, that enables operators to gain full access and remote control of an infected system.
Unlike other RATs, the Borat RAT provides Ransomware and DDOS services to attackers expanding their capabilities.
The Borat RAT allows its operators to compile the malware binary for performing specific features, including DDoS and ransomware attacks.
Cybler experts reported that Borat RAT comes as a package which includes builder binary, several modules, a server certificate, and more.
The RAT has a modular structure, each module implements a specific functionality. Below a list of the modules analyzed by Cyble:
The BORAT RAT is also able to perform the following activities to disturb the victims: Play Audio, Swap Mouse Buttons, Show/hide the Desktop, Show/hide the taskbar, Hold Mouse, Enable/Disable webcam light, Hang System, Monitor Off, Blank screen, etc.
“The Borat RAT is a potent and unique combination of Remote Access Trojan, Spyware, and Ransomware, making it a triple threat to any machine compromised by it. With the capability to record audio and control the webcam and conduct traditional info stealing behavior, Borat is clearly a threat to keep an eye on. The added functionality to carry out DDOS attacks makes this an even more dangerous threat that organizations and individuals need to look out for.” concludes Cyble. “The Cyble Research Team is closely monitoring the RAT’s actions and will keep informing our clients and people worldwide.”
Please vote Security Affairs as best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and other of your choice.
To nominate, please visit: https://forms.gle/4D4PygUVcNxFQ6iFA
(SecurityAffairs – hacking, RAT)