Cyber Security Experts provide an insight on new RAT, which appeared on darknet markets, includes features such as DDoS attacks, UAC bypass, ransomware deployments and much more, making Borat essentially a RAT, spyware and ransomware. The malware lets its operators choose their compilation options to create small payloads that feature precisely what they need for highly tailored attacks. Borat was analyzed by researchers at Cyble, who spotted it in the wild and sampled the malware for a technical study that revealed its functionality. It is unclear if the Borat RAT is sold or freely shared among cybercriminals, but Cycle says it comes in the form of a package that includes a builder, the malware’s modules, and a server certificate.
RATs and other trojans can be especially insidious as they can enable a broad range of attacks including keyloggers which can be used for credential compromise. As with most things, prevention is better than the cure and organizations should actively implement zero trust strategies and modern VPNs with managed attribution capabilities that obfuscate source and destination relationships for sensitive data and network users. You can’t hack what you can’t see, and this approach drastically reduced the likelihood of catching an infection. Modern multipath VPNs intelligently disperse data making the environment self-healing and are able to dynamically deflect a DDoS attack by routing around a dirty hop. Also, MFA, device posture checking, strengthening, and simplifying firewall rules, can eliminate the reverse proxy vulnerability.
The recently disclosed malware variant being called BORAT RAT, named and initially reported by security research firm Cyble, Inc., appears to be a multi-purpose malware platform including remote access tools, spyware including platform accessory access, and the ability to crypto lock content and provide customizable ransom messaging. Although the individual elements of BORAT do not seem particularly novel, the availability of a prepackaged suite of malicious tools with integrated management and control capabilities is an emerging trend. The past few months have seen an acceleration in widespread reels of malware tools and techniques globally. We are likely to see more prepackaged malware sets like BORAT in the near future as more and more individuals and organizations take advantage of the wealth of malicious software now available for profit.