A new Trojan for remote access (RAT) called Borat has appeared on cybercrime trading platforms, offering easy-to-use functions for conducting DDoS attacks, bypassing UAC and installing ransomware.
Borat allows remote attackers to gain full control over the mouse and keyboard of their victim, gain access to files, network points and hide any signs of their presence. Malware also allows its operators to select compilation options to create small payloads for highly specialized attacks.
It is unclear whether Borat RAT is sold for a certain price or is freely distributed among cybercriminals, but experts from Cycle reported that the malware comes in the form of a package that includes a collector, malware modules and a server certificate.
Borat functions include keylogging, installing a ransomware program and automatically creating a ransom note, conducting DDoS attacks, audio recording, recording from a webcam, launching a hidden remote desktop to perform file operations, using input devices, executing code, launching applications, configuring a reverse proxy server, collecting basic information about the system, the introduction of malicious code into legitimate processes, the theft of credentials and the Discord token.
According to experts, these functions make Borat spyware and ransomware, so it is a dangerous threat.