The new Borat malware is an all-in-one payload, according to experts

April 11, 2022

Researchers monitoring dark web markets have observed a new remote access trojan (RAT) called Borat. The malware could enable threat actors to control a targeted device's network connections, stored files, mouse and keyboard.

The researchers stated that the newest remote access trojan is circulating in the wild, and more research is needed to analyse it thoroughly.

The analysis revealed that Borat malware is an amalgamation of spyware, ransomware, and remote access trojan. It also includes an easy-to-use function for operating distributed denial-of-service attacks, data stealing, and user account control.

It is still unknown whether its developers are offering Borat to hackers for the right amount of money or if it is shared without a cost among cybercriminals. However, the RAT comes as a package that includes malware modules, server certificates, and a builder.

The Borat malware is packed with different modules with distinct functions.

Further analysis showed that the malware has different and dedicated modules that accomplish multiple tasks and purposes during attacks.

The modules cover functions such as distributed denial-of-service attacks, ransomware, audio recording, webcam recording, a reverse proxy server, process hollowing, credential stealing, Discord token exfiltration, device information gathering, remote desktop, and keylogging.

Additional features include abilities that can confuse victims by swapping mouse buttons, hiding the taskbar, misplacing desktop icons, freezing mouse control, portraying a blank screen, or turning off the user monitor.

Some experts claimed that Borat's developers must have cooperated with other groups to achieve such capabilities, and that considerable resources would have been needed for the malware to obtain such a feature set.

After analysing the campaign and searching for the origins of Borat, a cybersecurity group found that the payload executable is derived from AsyncRAT. It is highly plausible that its developers used AsyncRAT as the foundation of their malware.

Borat is a multi-purpose malware threat that combines several other malware payloads. Threat actors commonly distribute such tools through laced executables or files disguised as cracked applications or games. These hostile programs are hosted on sketchy sources such as fake sites or torrents, so users are urged to avoid them.
