Atlanta-based cyber risk intelligence company Cyble discovered
a new Remote Access Trojan (RAT) malware. What makes this
particular RAT malware distinct enough to be named after the
comic creation of Sacha Baron Cohen[1]?
RAT malware typically helps cybercriminals gain complete control
of a victim’s system, permitting them to access network resources
and files and to toggle the mouse and keyboard. Borat RAT
malware goes beyond the standard features and enables threat actors
to deploy ransomware and DDoS attacks[2]. It also increases the
number of threat actors who can launch attacks, sometimes appealing
to the lowest common denominator. The added functionality of
carrying out DDoS attacks makes it insidious and a risk to today’s
digital organizations.
Ransomware has been the top attack type for over three years[3].
According to an IBM report, REvil was the most common ransomware
strain, accounting for about 37%[4] of all ransomware attacks.
Borat RAT is a unique and powerful combination of RAT, spyware,
and ransomware capabilities fused into a single malware.
Borat RAT: What Makes It a Triple Threat?
The Borat RAT provides a dashboard for malicious hackers to
perform RAT malware activities and the ability to compile the
malware binary for DDoS and ransomware attacks[5] on the victim’s
machine. The RAT also includes code to launch a DDoS attack, which
slows down response services to legitimate users and can even
cause the site to go offline.
Remarkably, Borat RAT can deliver a ransomware payload to the
victim’s machine to encrypt users’ files and demand a ransom. The
package also includes a keylogger executable file that monitors
keystrokes on victims’ computers and saves them in a .txt file for
exfiltration.
The other functionalities of Borat RAT malware that make it fun,
or not so fun, include:
- A reverse proxy to protect the hacker
- The ability to steal credentials from browsers or Discord tokens
- Introducing malicious code into legitimate processes
To annoy or scare its victims, the Borat RAT can also perform
the following actions:
- Switching off and on the monitor
- Hiding/showing the desktop features such as the start button
and taskbar
- Playing unwanted audio
- Switching the webcam light on/off
The Borat RAT malware will check to see if the system has a
connected microphone and if so, will record audio from the
computer, which will be saved in another file called
“micaudio.wav.” Similarly, the malware can begin recording from the
camera if a webcam is discovered on the system.
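A triage sketch for the recording artifact named above, added here as an example and not taken from the Cyble research or this article: it walks a directory tree for files named micaudio.wav (case-insensitively) and checks each hit for a RIFF/WAVE header. The function names and the sample tree are constructed for illustration; the article does not say where the file is written, so the search root is an assumption, and a file-name match alone is a weak indicator that still needs analyst review.

```python
import os
import tempfile
import wave
from pathlib import Path

ARTIFACT_NAME = "micaudio.wav"  # file name reported in the article

def is_riff_wave(path):
    """True if the file starts with a RIFF/WAVE container header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(12)
    except OSError:
        return False
    return len(head) == 12 and head[:4] == b"RIFF" and head[8:12] == b"WAVE"

def hunt(root):
    """Walk root and return one finding per file named like the artifact."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != ARTIFACT_NAME:  # Windows names are case-insensitive
                continue
            full = Path(dirpath) / name
            try:
                st = full.stat()
            except OSError:
                continue  # file vanished or is unreadable; skip it
            findings.append({"path": str(full), "size": st.st_size,
                             "mtime": st.st_mtime, "valid_wav": is_riff_wave(full)})
    return findings

def build_sample_tree(root):
    """Constructed sample data: one real WAV, one decoy, one unrelated file."""
    root = Path(root)
    (root / "AppData").mkdir()
    (root / "Docs").mkdir()
    with wave.open(str(root / "AppData" / "MicAudio.WAV"), "wb") as w:
        w.setparams((1, 2, 8000, 0, "NONE", "not compressed"))
        w.writeframes(b"\x00\x00" * 800)  # 0.1 s of silence
    (root / "Docs" / "micaudio.wav").write_text("not audio")
    (root / "Docs" / "notes.txt").write_text("hello")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in hunt(tmp):
            print(finding)
```

A hit with `valid_wav` set and a recent modification time on a host with no known recording software is the case worth escalating; the decoy text file shows why the header check matters.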
Should Businesses Develop a Solid Response Strategy?
The volatile landscape set by the pandemic has led to every
industry being a potential target for pre-packaged malware sets
like Borat. All it takes is an unsuspecting employee to
accidentally click a malicious link or attachment to give full
access to your organization’s systems. This can result in
operations being halted until the ransom is paid. The halt in
operations leads to huge financial and physical losses for the
company.
The remote desktop function, which is included in the Borat RAT
malware, can wreak havoc on your business as it allows the threat
actor to delete critical information/intellectual rights, grab the
version of the operating system and the model of the machine and
steal potential cookies/saved login credentials. So, companies need
to keep an eye out for the threat and prepare themselves against
such attacks.
Recommendations for Enhanced Security
Let’s look at the recommendations listed below to secure your
networks against the risk of cyberattacks:
- Examine the use of remote administration tools for applications
and systems on the industrial network. Remove any remote
administration tools that aren’t necessary for the industrial
process
- Establish strong password management and enable multi-factor
authentication
- Utilize reputed antivirus software and internet security
packages
- Include a response strategy to contain the threat
immediately
- Utilize flash storage solutions and set relevant measures to
back up data. This will help promote operational continuity and
lower infrastructural costs
- Avoid keeping important files in common locations such as
Desktop and My Documents
- Employ an email software security solution that can classify
and filter out malicious emails. Employees can also have regular
training sessions to gain awareness of the upcoming threats
- Refine and optimize your vulnerability management system. This
will help your organization prioritize the vulnerabilities of most
concern
Organizations need to empower their employees to understand the
current threat landscape better. Investing in the right
technologies and creating robust verification measures can ensure
that the right individuals can access the right data. Resolving
incidents quickly and efficiently in today’s fast-paced digital
world is imperative.
Organizations that strategically plan for the next threat will
have a positive customer experience in the long run. Solutions like
AppTrana[6] help you focus on
expanding your business operations without worrying about the
safety of your critical assets.
References
- [1] comic creation of Sacha Baron Cohen (en.wikipedia.org)
- [2] DDoS attacks (www.indusface.com)
- [3] three years (www.ibm.com)
- [4] 37% (www.ibm.com)
- [5] ransomware attacks (www.indusface.com)
- [6] AppTrana (www.indusface.com)
Read more https://thehackernews.com/2022/08/meet-borat-rat-new-unique-triple-threat.html
