Borat, a new remote access trojan (RAT) with easy-to-use capabilities for DDoS attacks, UAC bypass, and ransomware deployment, has debuted on darknet markets.
Borat is a remote access Trojan (RAT) that allows remote threat actors to take total control of their victim’s mouse and keyboard, access files and network points, and mask their presence.
The malware allows its users to customize their compilation options in order to build compact payloads with only the features they require for highly targeted attacks.
Borat was discovered in the wild by Cyble researchers, who obtained a sample of the malware for a technical analysis of how it operates.
Numerous Features
It’s unknown whether the Borat RAT is sold or freely distributed among cybercriminals, but Cyble says it comes as a bundle with a constructor, malware modules, and a server certificate.
The trojan has the following functionalities, each of which has its own dedicated module:
- Keylogging – track key presses and store them in a text file.
- Ransomware – deliver ransomware payloads to the victim’s computer and automatically generate a ransom note.
- DDoS – direct junk traffic at a target server using the resources of the compromised system.
- Sound recording – if a microphone is available, record audio through it and save it as a WAV file.
- Camera recording – if a webcam is accessible, record footage from it.
- Remote desktop – start a hidden remote desktop to perform file operations, access input devices, run code, and open programs, among other things.
- Reverse proxy – set up a reverse proxy to protect the remote operator’s identity from being revealed.
- Device information – compile a list of the system’s basic specs.
- Process hollowing – inject malicious code into legitimate processes in order to avoid detection.
- Browser credential theft – steal account credentials stored in Chromium-based web browsers.
- Discord token theft – steal the victim’s Discord tokens.
- Other features – play audio, change mouse buttons, hide the desktop, hide the taskbar, hold the mouse, turn off the monitor, show a blank screen, or hang the system to confuse and upset the victim.
As Cyble’s study notes, Borat is effectively a RAT, spyware, and ransomware in one, making it a formidable threat that can perform a range of malicious activities on a system.
Although the RAT’s creator named it after the main character in the comedy film Borat, played by Sacha Baron Cohen, the malware is no laughing matter.
Bleeping Computer dug deeper into the malware’s origins and discovered that the payload executable was recently identified as AsyncRAT, which suggests that its author based their work on it.
Threat actors typically disseminate these tools through laced executables or files masquerading as cracks for games and programs, so avoid downloading anything from untrustworthy sources like torrents or dodgy websites.