[MART] - Daily Diary #485 - Meet Borat RAT

CTAS-MAT ctas-mat at appgate.com
Tue Apr 5 21:15:46 UTC 2022


Hello,
I hope everyone is doing well!

Below is the entry for today.

04/05/2022 - Diary entry #485

This week a new malware strain was disclosed, after being found advertised on Deep Web hacking forums. The malware was named "Borat RAT", after the Sacha Baron Cohen character, and it is advertised along with a picture of the actor.

Although RAT stands for Remote Access Trojan, Borat RAT does a bit more than that. Borat RAT acts as a malicious framework, providing even a dashboard for threat actors to compile the payload binaries, monitor active victims, launch commands, and even deploy ransomware attacks. Most of the functionalities are provided through modules, including credential stealing, microphone/webcam recorders, remote desktop visualization/control (RAT), anti-analysis capabilities, and launching DDoS attacks.

Curiously, the malware also contains functions to tease users, like playing sounds, swapping mouse buttons, hiding the taskbar and desktop, and other annoying stuff. This, along with the Sacha Cohen references, indicates that the malware probably started as a joke, but evolved with some real criminal capabilities.

It's not clear what role Borat RAT will play in the Malware-as-a-Service landscape. The modular structure, along with the findings of new samples with different capabilities, suggests that Borat RAT is evolving quickly, with cybercrime developing new modules to make different attacks and avoid detection.

Kind Regards,





Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
