This Borat-themed malware is not funny in the slightest

By Sead Fadilpašić
last updated

A newly discovered RAT comes with a myriad of destructive features

watch borat 2 online
(Image credit: Amazon)

Cybersecurity researchers have discovered a potent new malware (opens in new tab) strain that comes with a number of dangerous features and abilities. 

Named Borat (after the protagonist of the popular Sacha Baron Cohen film), the malware is a remote access trojan (RAT), ransomware tool and spyware all in one, which can also be used to launch distributed denial of service (DDoS) attacks and UAC bypass.

Researchers from the cybersecurity firm Cyble managed to obtain a sample of the malware and, after a closer inspection, discovered that it can take control of the target’s mouse and keyboard, access files and network points, and hide its presence on the endpoint (opens in new tab).

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window (opens in new tab) <<

Triple trouble

Among the Borat malware's vast array of features are a keylogger, audio recorder, webcam recorder, reverse proxy, password stealer and Discord token stealer.

Researchers aren’t sure if Borat is being sold online, or just distributed for free. Cyble says it comes bundled up with a builder, different malware modules, and a server certificate. 

Usually, such malware gets distributed on dark web sites, in torrent files masquerading as patches and cracks, and on fake phishing sites that promise free software and other things.

The researchers described it as a “unique combination of RAT, spyware and ransomware”, making it a “triple threat” to any compromised device.

Read more

> Cybercriminals are infiltrating our Microsoft Excel spreadsheets now (opens in new tab)

> This dangerous malware affects nearly all devices, and somehow remained undetected until now (opens in new tab)

> This nasty trojan uses Discord as a command and control server (opens in new tab)

“With the capability to record audio and control the webcam and conduct traditional info-stealing behavior, Borat is clearly a threat to keep an eye on,” the researchers concluded.

BleepingComputer tried to uncover who the masterminds behind Borat are, and found that the payload executable was recently identified as AsyncRAT, which suggests the authors probably based their work on this particular RAT.

To stay safe, security researchers suggest everyone stays vigilant when downloading software and only downloads content from trusted sources.

Via BleepingComputer (opens in new tab)

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

See more Computing news