Scouring darknet forums, Cyble security researchers discovered a new Trojan horse with rather astonishing capabilities. It is called “Borat RAT”, in reference to the comic film by Sacha Baron Cohen. The authors also use an image of the main character in their promotional material.
But what really sets it apart is not this marketing gimmick. What is most striking is the functional scope of this malware for Windows. First we find the essentials, such as the keystroke recorder, audio/video recording, remote connection and information theft. In particular, the software is capable of siphoning passwords stored in Chrome or Edge, as well as Discord tokens. All these spying actions can also be carried out through a “Reverse Proxy”, which is placed in front of the infected machine and which allows hackers to cover their tracks and stay in the shadows.
But that’s not all. Borat RAT also incorporates a DDoS feature that allows fake traffic to be sent to a target using the capabilities of the infected machine. The malware can also play the role of ransomware. The operator can thus remotely trigger the encryption of files and the display of a ransom note. He can then proceed with the decryption once the ransom has been paid.
Finally, Borat RAT also has a series of “fun” functions: switching off the monitor, unexpectedly opening the CD/DVD drive, hiding the cursor or the taskbar, etc. In short, it has everything needed to make this malware the ultimate Swiss army knife of hacking. One to watch.
Source: Cyble