Posted on April 6, 2022 at 11:43 AM
Security researchers have discovered a new remote access Trojan called “Borat”, which seems funny but gives threat actors a new attacking dimension.
In a recent malware analysis by Cyble Research Labs, the researchers noted that the new threat doesn’t use standard remote capabilities. Rather, it includes both ransomware and spyware options.
The researchers added that the character adopted by comedian Sacha Baron Cohen is being offered for sale by threat actors at underground forums.
Also, they discovered that Borat RAT has a centralized dashboard that is packed with the server certificate, feature modules, and a builder that enables the threat actors to launch successful attacks.
The Malware Has Vast Capabilities
The researchers also explained that the new malware has vast capabilities, which include a ransomware encryption component, an encryption component, and a keylogger.
It also includes the option for the users to generate additional ransom notes, as well as an optionally distributed denial-of-service (DDoS) feature. This can be used by the threat actor to disrupt the normal traffic of the targeted server.
RATs are generally used by threat actors looking to gain full access to their targets’ systems. it allows them to have easy access to network resources and files, as well as manipulate the keyboard and mouse. Some of the more advanced RATs can be deployed to disrupt the targeted computer’s camera system as well. The Cyble researchers said Borat has all these capabilities and even more.
Apart from having the capability to distribute DDoS, Borat also enables threat actors to install malware and carry out the online assault. The researchers also noted that the Borat malware is being made available for sale to other threat actors on the darknet. It means there is a high possibility to get several copies of the malware online, which will not be a good thing for companies and cyber security teams.
What makes this type of malware more interesting is its capability to deliver ransomware that can encrypt files and demand a ransom. Since it can create a ransom note on the targeted device, ore threat actors could be interested in buying or using the malware. Additionally, once the ransom is paid, the malware is capable of decrypting the files in the system to make them available for the user. This means that the threat actors can carry out their activities, ransom demands, get paid, and decrypt the file using only the malware.
The multi-purpose capability of the Borat malware Trojan makes it very dangerous for users and highly threatening for cyber security organizations.
The RAT Equips Threat Actors For DDoS Attack
Another interesting thing about the malware is the fact that it can develop code for DDoS attacks, making it very easy for attackers to disrupt networks and demand ransom. In DDoS attacks, the threat actor sends an overwhelming amount of traffic that disrupts the oral performance of the targeted network.
The extremely high amount of traffic can cause the network to start malfunctioning or stop sending responses to legitimate users. This can go on for hours or days until a ransom is paid to stop the attack.
So apart from oral malware attackers, DDoS attackers can also benefit immensely from the Borat Trojan. In most cases, it takes paying the ransom before the attack can stop to return the system to normalcy.
The Malware Has Remote Surveillance Capabilities
Another worry for cybersecurity experts is the remote surveillance capabilities that the new Trojan has. It enables the threat actors to easily spy on the device and its user remotely. It utilizes a keylogger that records keystrokes from the user’s machine. The malware saves the keystrokes in a file before exfiltrating the to the C2 server of the attacker.
The RAT can also retrieve information from the victim’s computer and saves or bookmarks login credentials from systems running Microsoft Edge or Chrome.
Borat determines whether the system has a connected microphone. It then proceeds to record audio from the company after discovering a microphone. Also, it searches for a webcam ad starts recording from the webcam. The malware can do almost anything on the victim’s computer, which makes it one of the most dangerous trojans out there today.
And the fact that it can be used by almost anyone makes it even more potent. The capabilities of the Trojan make it very dangerous. As a result, the Cyble security researchers are providing as much information as possible on the threat posed by the malware to enable users to protect their systems.