The Triple Cyber Threat: Borat RAT
Recently a US cyber risk intelligence company has discovered a new Remote Access Trojan (RAT) malware.
RAT malware typically helps cybercriminals gain complete control of a victim’s system, permitting them to access network resources and files and to control the mouse and keyboard.
Borat RAT malware goes beyond the standard features and enables threat actors to deploy ransomware and DDoS attacks.
It also increases the number of threat actors who can launch attacks. The added functionality of carrying out DDoS attacks makes it insidious and a risk to today’s digital organizations.
Ransomware has been the most common attack type for over three years. According to an IBM report, REvil was the most common ransomware strain, accounting for about 37% of all ransomware attacks.
Borat RAT is a unique and powerful combination of RAT, spyware, and ransomware capabilities fused into a single malware.
What Makes Borat RAT a Triple Threat?
The Borat RAT provides a dashboard for malicious hackers to perform RAT malware activities and the ability to compile the malware binary for DDoS and ransomware attacks on the victim’s machine.
The RAT also includes code to launch a DDoS attack, which slows down responses to legitimate users and can even take the targeted site offline.
Borat RAT can deliver a ransomware payload to the victim’s machine to encrypt users’ files and demand a ransom.
The package also includes a keylogger executable file that monitors keystrokes on victims’ computers and saves them in a .txt file for exfiltration.
The other functionalities of Borat RAT malware include:
- A reverse proxy to conceal the attacker’s location
- Stealing credentials from browsers or Discord tokens
- Injecting malicious code into legitimate processes
Borat RAT can also perform the following actions to annoy or scare its victims:
- Switching off and on the monitor
- Hiding/showing the desktop features such as the start button and taskbar
- Playing unwanted audio
- Switching the webcam light on/off
The Borat RAT malware checks whether the system has a connected microphone and, if so, records audio from the computer and saves it to another file named “micaudio.wav”.
Similarly, the malware can begin recording from the camera if a webcam is discovered on the system.
Businesses need a reliable response strategy
The volatile landscape set by the pandemic has led to every industry being a potential target for pre-packaged malware sets like Borat.
All it takes is an unsuspecting employee accidentally clicking a malicious link or attachment, or being tricked by other social-engineering activities, to give full access to your organization’s systems.
A solution to avoid this as much as possible is to rely on a solid security awareness path, such as TelsySkills, aimed at enhancing employees’ knowledge of and best practices in cybersecurity.
The lack of employee preparation can result in operations being halted until the ransom is paid. The halt in operations leads to huge financial and physical losses for the company.
For example, the remote desktop function included in the Borat RAT malware can wreak havoc on your business: it allows the threat actor to delete critical information and/or intellectual property, collect the operating system version and the model of the machine, and steal cookies or saved login credentials.
Companies therefore need to keep an eye out for this threat and prepare themselves against such attacks.
One of the tools that can help companies intercept threats early and build a comprehensive picture of them is Cyber Threat Intelligence.
Refining and optimizing your vulnerability management system will also help your organization prioritize the vulnerabilities of most concern.
How to be prepared with Telsy CTI solutions
Cyber Threat Intelligence (CTI) is the enabling knowledge to prevent and mitigate cyber threats in order to improve the security posture of organizations and enable appropriate defense strategies.
Telsy’s CTI suite consists of four services:
- Company Threat Intelligence
- Early Warning
- Threat Investigation
- Threat Intelligence Feed & Platform
Through the combined efforts of dedicated analysts, state-of-the-art infrastructure, technology capabilities, and the use of best-of-breed techniques and procedures, Telsy’s CTI suite enables preventive and proactive cyber risk reduction, while also providing clients with timely reports and updates to support their security perimeter.
Discover more on telsy.com