Meet Borat, the New RAT In Town You Can’t Afford to Miss

essidsolutions

A new remote access trojan (RAT) recently waltzed into dark web forums. Alongside the usual remote access and DDoS services, ‘Borat’ packs user account control (UAC) bypass capabilities and can also perform ransomware distribution operations.

Named after the title character of the popular mockumentary ‘Borat,’ the trojan was discovered by global threat intelligence SaaS provider Cyble during its regular open-source intelligence research on the dark web.

Borat is quite versatile: its range of services goes beyond mouse and keyboard control, file access, and network resource access. Besides ransomware and DDoS, it can perform keylogging, microphone/webcam recording, reverse proxying, remote desktop and other remote attacks, Discord token theft, credential theft from Chromium browsers, etc.

The full list of Borat’s capabilities is below:

Borat Features and Services | Source: Cyble


Borat Additional Features and Services | Source: Cyble

“The Borat RAT is a potent and unique combination of Remote Access Trojan, Spyware, and Ransomware, making it a triple threat to any machine compromised by it,” the threat intelligence company stated. “With the capability to record audio and control the webcam and conduct traditional info stealing behavior, Borat is, clearly, a threat to keep an eye on. The added functionality to carry out DDoS attacks makes this an even more dangerous threat that organizations and individuals need to look out for.”

So thanks to Borat, any novice attacker can, in theory, have RAT, spyware, and ransomware capabilities all fused into one single malware. 

The good news is that the Borat malware requires the user to execute it before it can be set up on the target device. The bad news is that users are more likely to be baited into executing the RAT through social engineering after the malware is delivered through phishing.

So watch out for anything out of order delivered to your inbox. Users should also be watchful when visiting or downloading pirated material/content/files/software.
