Security researchers reported a new malware strain, capable of distributing ransomware and performing DDoS attacks. Called Borat after the infamous mockumentary movie, the malware is a RAT, or a Remote Access Trojan, and it provides the two activities alongside the typical RAT features.
The Borat RAT malware also provides a dashboard to threat actors to perform RAT activities and also has an option to compile the malware binary for performing DDoS and ransomware attacks on the victim’s machine, said Cyble researchers.
Borat RAT: Capabilities and Modules
Keylogging
The Borat RAT offers keylogging capabilities in its keylogger.exe module:
The module “keylogger.exe” is responsible for monitoring and storing the keystrokes in the victim’s machine. The below image shows the keyboard-related APIs used by the RAT for keylogging purposes. The captured keystrokes are saved in a file called “Sa8XOfH1BudXLog.txt” for exfiltration.
Ransomware Delivery
The malware has the capability to deliver a ransomware payload to the compromised machine which will encrypt the files and demand a ransom. The malware also has the capability to create a ransom note.
DDoS Activity
The RAT also has a module designed to disrupt the normal traffic of a targeted server by performing a DDoS (Distributed Denial of Service) attack.
Audio and Webcam Recording
The trojan also provides spyware functionality, as it is capable of recording audio and webcam activities. In terms of audio capturing, it checks if a microphone is present, and in case it locates a connected microphone, Borat RAT records all audio and saves it in a file named micaudio.wav.
The malware can record video through any webcam discovered on a compromised system. If it detects a webcam, it starts recording the video.
Remote Desktop Capabilities
The Remote Desktop option allows cybercriminals “to perform activities such as controlling the victim’s machine, mouse, keyboard, and capturing the screen. Controlling the victim’s machine can allow TAs to perform several activities such as deleting critical files, executing ransomware in the compromised machine, etc,” the report said.
Other capabilities Borat RAT has include being able to reverse proxy, collect device information, perform process hollowing, steal browser credentials and Discord credentials.
In conclusion…
This new malware strain is a “potent and unique combination” and is a triple threat to victims worldwide (ransomware, spyware, and RAT). The added DDoS functionality makes it even more dangerous, and an interest to a larger number of cybercriminals.
To avoid being victimized by this (or other) malware, follow the general “PC hygiene” tips, including regular updates, backup of important files (to avoid ransomware damage), and strong passwords.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: