Cybersecurity researchers have discovered a potent new malware strain that comes with a number of dangerous features and abilities.
Named Borat (after the protagonist of the popular Sacha Baron Cohen film), the malware is a remote access trojan (RAT), ransomware tool and spyware all in one, which can also be used to launch distributed denial of service (DDoS) attacks and UAC bypass.
Researchers from the cybersecurity firm Cyble managed to obtain a sample of the malware and, after a closer inspection, discovered that it can take control of the target’s mouse and keyboard, access files and network points, and hide its presence on the endpoint.
Triple trouble
Among the Borat malware's vast array of features are a keylogger, audio recorder, webcam recorder, reverse proxy, password stealer and Discord token stealer.
Researchers aren’t sure if Borat is being sold online, or just distributed for free. Cyble says it comes bundled up with a builder, different malware modules, and a server certificate.
Usually, such malware gets distributed on dark web sites, in torrent files masquerading as patches and cracks, and on fake phishing sites that promise free software and other things.
The researchers described it as a “unique combination of RAT, spyware and ransomware”, making it a “triple threat” to any compromised device.
“With the capability to record audio and control the webcam and conduct traditional info-stealing behavior, Borat is clearly a threat to keep an eye on,” the researchers concluded.
BleepingComputer tried to uncover who the masterminds behind Borat are, and found that the payload executable was recently identified as AsyncRAT, which suggests the authors probably based their work on this particular RAT.
To stay safe, security researchers suggest everyone stays vigilant when downloading software and only downloads content from trusted sources.
Via BleepingComputer