"Meet Borat RAT, a New Unique Triple Threat"
The cyber risk intelligence company Cyble has discovered a new Remote Access Trojan (RAT) malware dubbed Borat RAT. RAT malware typically assists cybercriminals in gaining complete control of a victim's system, granting them access to network resources, files, and the ability to control the mouse and keyboard. Borat RAT malware goes above and beyond standard features, allowing threat actors to launch ransomware and Distributed Denial-of-Service (DDoS) attacks. It also expands the number of threat actors capable of launching attacks, sometimes appealing to the lowest common denominator. The added functionality of launching DDoS attacks makes it more dangerous to today's digital organizations. The Borat RAT provides a dashboard for malicious hackers to conduct RAT malware activities, as well as the ability to compile malware binary for DDoS and ransomware attacks on the victim's machine. The RAT also contains code for launching a DDoS attack, slows down response services to legitimate users, and causes the site to go offline. Borat RAT can deliver a ransomware payload to the victim's machine, encrypting users' files and demanding a ransom. A keylogger executable file is also included in the package, which monitors keystrokes on victims' computers and saves them in a .txt file for exfiltration. Borat RAT malware also has a reverse proxy to protect the hacker, the ability to steal credentials from browsers or Discord tokens, and the ability to inject malicious code into legitimate processes. It can perform the following actions to annoy or scare its victims: powering the monitor on/off, hiding/showing desktop features such as the start button and taskbar, playing unwanted audio, and switching the webcam light on/off. This article continues to discuss the capabilities and potential impact of the Borat RAT malware.