Atlanta-based cyber risk intelligence company Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the comic creation of Sacha Baron Cohen?
RAT malware typically helps cybercriminals gain complete control of a victim’s system, permitting them to access network resources and files and giving them the power to toggle the mouse and keyboard. Borat RAT malware goes beyond the standard features and enables threat actors to deploy ransomware and DDoS attacks. It also increases the number of threat actors who can launch attacks, sometimes appealing to the lowest common denominator. The added functionality of carrying out DDoS attacks makes it insidious and a risk to today’s digital organizations.
Ransomware has been the top attack type for over three years. According to an IBM report, REvil was the most common ransomware strain, accounting for about 37% of all ransomware attacks. Borat RAT is a unique and powerful combination of RAT, spyware, and ransomware capabilities fused into a single malware.
Borat RAT: What Makes It a Triple Threat?
The Borat RAT provides a dashboard for malicious hackers to perform RAT malware activities, along with the ability to compile the malware binary for DDoS and ransomware attacks on the victim’s machine. The RAT also includes code to launch a DDoS attack, which slows down response services to legitimate users and can even cause the site to go offline.
Remarkably, Borat RAT can deliver a ransomware payload to the victim’s machine to encrypt users’ files and demand a ransom. The package also includes a keylogger executable file that monitors keystrokes on victims’ computers and saves them in a .txt file for exfiltration.