Borat Expands RAT Capabilities

Cybersecurity researchers have discovered a new Remote Access Trojan (RAT) which allows threat actors to launch ransomware and DDoS attacks.

Named Borat after the comic creation of Sacha Baron Cohen, the RAT was discovered by Atlanta-based cyber risk intelligence company, Cyble.

"The Borat RAT provides a dashboard to threat actors to perform RAT activities and also has an option to compile the malware binary for performing DDoS and ransomware attacks on the victim’s machine," noted the researchers in a blog post

The  blog post continued: "Interestingly, the RAT has an option to deliver a ransomware payload to the victim’s machine for encrypting users’ files as well as for demanding a ransom."

The malware consists of a package which boasts builder binary, supporting modules and server certificate. Included in the package is the capability to create a ransom note on a victim's machine and a code that can decrypt files in the victim's machine once a victim has forked over the ransom payment.

The package also comes with a keylogger executable file which monitors the keystrokes made on victims' machines and stores them in a .txt file for exfiltration.

Threat actors seeking to disrupt the normal traffic of a targeted server by performing a DDoS attack are provided with code to achieve their objective. The RAT also has the capability to record audio on a victim's machine if that machine is connected to a microphone, and to record video through any webcam present in the victim’s machine. 

To allow threat actors to communicate with compromised servers, anonymously, the RAT has code to enable reverse proxy.

"Ransomware and DDoS attacks are a constant threat for organizations and security bugs and flaws within software can be exploited to amplify these attacks," commented Jack Mannino, CEO at nVisium

"As these attacks are highly effective and can often be launched at a relatively low cost, DDoS threats will continue to be a persistent, real risk for today’s digital organizations."

Mannino advised organizations to prepare themselves against such attacks by performing security and quality testing of their software "to ensure failures or functions that consume excessive resources cannot be abused to overwhelm a system."

What’s Hot on Infosecurity Magazine?