Borat RAT

Atlanta-based cyber risk intelligence company Cyble has discovered a new Remote Access Trojan (RAT). What makes this particular RAT distinctive enough to be named after Sacha Baron Cohen's comic creation?

RAT malware typically gives cybercriminals complete control of a victim's system: access to network resources and files, and control of the mouse and keyboard. Borat RAT goes beyond these standard features and lets threat actors deploy ransomware and launch DDoS attacks. It also lowers the bar for who can launch attacks, putting these capabilities in the hands of the least skilled actors. The added ability to carry out DDoS attacks makes it insidious and a real risk to today's digital organizations.

Ransomware has been the most common attack type for over three years. According to an IBM report, REvil was the most common ransomware strain, accounting for about 37% of all ransomware attacks. Borat RAT is a unique and powerful combination of RAT, spyware, and ransomware capabilities fused into a single piece of malware.

Borat RAT: What Makes It a Triple Threat?

Borat RAT provides a dashboard from which malicious hackers perform RAT activities and compile the malware binary for DDoS and ransomware attacks on the victim's machine. The RAT also includes code to launch a DDoS attack, which slows a service's responses to legitimate users and can even take the site offline.

Remarkably, Borat RAT can deliver a ransomware payload to the victim's machine to encrypt the user's files and demand a ransom. The package also includes a keylogger executable that records keystrokes on the victim's computer and saves them to a .txt file for exfiltration.

Other Borat RAT functionalities, fun or not so fun, include:

  • A reverse proxy to conceal the attacker
  • The ability to steal credentials from browsers or Discord tokens
  • Injection of malicious code into legitimate processes

To annoy or scare its victims, Borat RAT can also perform the following actions:

  • Switching the monitor off and on
  • Hiding/showing desktop features such as the Start button and taskbar
  • Playing unwanted audio
  • Switching the webcam light on/off

The Borat RAT malware checks whether the system has a connected microphone and, if so, records audio from the computer and saves it to another file called "micaudio.wav". Similarly, the malware can begin recording from the camera if a webcam is discovered on the system.
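As an added defender-side example (not code from the article, from Cyble, or from the malware itself), the following Python scans Sysmon-style FileCreate event lines for the capture artifacts the article names: the "micaudio.wav" audio file and keystroke .txt files. The sample events, the JSON field names, the .txt/.wav extension pairing and the list of user-writable launch paths are assumptions constructed for the example; only the "micaudio.wav" file name comes from the article.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample of Sysmon-style FileCreate (Event ID 11) records as JSON
# lines. Made up for this example: the field names follow Sysmon's, but the
# hosts, users and paths are fictional. One malformed line is included on purpose.
SAMPLE_EVENTS = r"""
{"EventID": 11, "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\alice\\Documents\\notes.txt"}
{"EventID": 11, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Temp\\micaudio.wav"}
{"EventID": 11, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Temp\\keys.txt"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd /c dir"}
{"EventID": 11, "Image": "C:\\Program Files\\Audacity\\audacity.exe", "TargetFilename": "C:\\Users\\alice\\Music\\take1.wav"}
not valid json at all
"""

# File name the article attributes to Borat RAT's microphone capture.
ARTIFACT_NAMES = {"micaudio.wav"}

# Assumption: the extensions a keylogger (.txt) and an audio recorder (.wav) produce.
CAPTURE_EXTENSIONS = (".txt", ".wav")

# Assumption: launch locations that legitimate software rarely runs from.
USER_WRITABLE_HINTS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")


@dataclass
class Alert:
    severity: str
    reason: str
    image: str
    target: str


def _basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for matching."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze_event(event: dict) -> Optional[Alert]:
    """Return an Alert for one FileCreate event, or None if it looks benign."""
    if event.get("EventID") != 11:
        return None
    image = event.get("Image", "")
    target = event.get("TargetFilename", "")
    name = _basename(target)
    # Exact artifact name named in the write-up: highest confidence.
    if name in ARTIFACT_NAMES:
        return Alert("high", f"known capture artifact name {name!r}", image, target)
    # Weaker heuristic: capture-style output written by a binary running from a
    # user-writable directory (a common sign of a dropped executable).
    if name.endswith(CAPTURE_EXTENSIONS) and any(h in image.lower() for h in USER_WRITABLE_HINTS):
        return Alert("medium", "capture-style file written by a process in a user-writable path", image, target)
    return None


def scan(log_text: str) -> list:
    """Scan JSON lines; malformed lines are skipped so one bad record cannot stop the pipeline."""
    alerts = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = analyze_event(event)
        if alert is not None:
            alerts.append(alert)
    return alerts


def processes_writing_both(alerts) -> list:
    """Images that wrote both a .txt and a .wav: keylogger and audio recorder in one process."""
    seen = {}
    for a in alerts:
        name = _basename(a.target)
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        seen.setdefault(a.image, set()).add(ext)
    return sorted(img for img, exts in seen.items() if {".txt", ".wav"} <= exts)


if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for a in found:
        print(a.severity, a.reason, a.image, a.target)
    print("correlated:", processes_writing_both(found))
```

The exact-name match is the cheap, high-confidence rule; the path heuristic catches renamed output files at the cost of occasional noise, and correlating both extensions to one process image is what turns two medium-confidence events into something worth paging on.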

Should Businesses Develop a Solid Response Strategy?

The volatile landscape created by the pandemic has made every industry a potential target for pre-packaged malware kits like Borat. All it takes is an unsuspecting employee accidentally clicking a malicious link or attachment to give full access to your organization's systems. This can result in operations being halted until the ransom is paid, and that halt leads to huge financial and physical losses for the company.

The remote desktop function included in Borat RAT can wreak havoc on your business: it allows the threat actor to delete critical information and intellectual property, grab the operating system version and the machine model, and steal cookies and saved login credentials. Companies therefore need to keep an eye out for the threat and prepare themselves against such attacks.

Recommendations for Enhanced Security

The recommendations below help secure your networks against the risk of cyberattacks:

  • Examine the use of remote administration tools for applications and systems on the industrial network, and remove any remote administration tools that aren't necessary for the industrial process
  • Establish strong password management and enable multi-factor authentication
  • Use reputable antivirus software and internet security packages
  • Include a response strategy so the threat can be contained immediately
  • Use flash storage solutions and put relevant measures in place to back up data; this promotes operational continuity and lowers infrastructure costs
  • Avoid keeping important files in common locations such as Desktop and My Documents
  • Employ an email security solution that can classify and filter out malicious emails, and give employees regular training sessions to stay aware of emerging threats
  • Refine and optimize your vulnerability management system so your organization can prioritize the vulnerabilities of most concern

Organizations need to help their employees understand the current threat landscape better. Investing in the right technologies and creating robust verification measures ensures that only the right individuals can access the right data. Resolving incidents quickly and efficiently in today's fast-paced digital world is imperative.

Organizations that strategically plan for the next threat will have a positive customer experience in the long run. Solutions like AppTrana help you focus on expanding your business operations without worrying about the safety of your critical assets.

This article is a contributed piece from one of our valued partners.