A new remote access trojan (RAT) named Borat has appeared on dark net markets. It offers easy-to-use features to conduct DDoS attacks, UAC bypass, and ransomware deployment. The malware was named after the main character in the comedy movie Borat, but this remote access trojan is no laughing matter: it poses a serious threat to targeted organizations and individuals.
Since Borat is a RAT, it enables remote threat actors to:
- Take complete control of the victim’s mouse and keyboard
- Access files and network points
- Hide any signs of their presence
The malware operators can choose the compilation options, creating small payloads that feature precisely what they need for highly tailored attacks.
Borat was discovered by Cyble Research Labs during its regular OSINT research. According to Cyble, Borat comes in the form of a package that includes a builder, the malware’s modules, and a certificate, allowing threat actors to customize the malware to launch sophisticated attacks. Unlike other RATs, Borat provides ransomware and DDoS services.
With Borat, cybercriminals can deploy ransomware payloads and leave behind custom ransom notes on their victims’ machines. Once a machine is compromised, Borat can be further leveraged to direct traffic to other targeted servers using the compromised machine’s resources.
In addition to the ransomware and DDoS capabilities, the RAT can disturb victims by performing the following activities: playing audio, showing/hiding the desktop, showing/hiding the taskbar, holding the mouse, enabling the webcam light, turning off the monitor, hanging the system, etc.
Threat actors will usually distribute RATs such as Borat via laced executables or files that masquerade as cracks for games and applications. So, users should be careful not to download executables from untrustworthy sources such as torrents or shady sites. Antivirus software should be used to scan executables for malicious payloads (before downloading).