The Remote Access Trojan, or RAT for short, is a powerful tool among cybercriminals as it allows them to fully access and control a compromised computer or device to steal data or launch additional attacks. The typical RAT is dangerous enough on its own, but a new RAT analyzed by threat monitoring firm Cyble has a couple of new tricks up its sleeve.
Described in Cyble’s recent report, the new RAT was dubbed Borat by its creator. Named after the tongue-in-cheek character played by actor Sacha Baron Cohen, the RAT even uses a photo of Cohen in its splash screen. But while the character of Borat is played for comedy, the RAT named Borat is hardly a laughing matter.
Borat the RAT offers the usual tactics expected of this type of Trojan. As touted by its developer, this malicious program can compromise a PC to disable Microsoft Defender security, enable a keylogger to record keystrokes, control the mouse and keyboard, record any audio and video, create screen captures, and steal cookies and saved credentials from browsers such as Chrome and Microsoft Edge.
But Borat’s life of crime extends even further. The RAT’s dashboard also includes an option to compile code for Distributed Denial of Service attacks and ransomware campaigns. For the former, Borat can target a service with a DDoS attack to disrupt its ability to handle traffic. And for the latter, the Trojan can deliver a ransomware payload to the victim’s computer, thus encrypting sensitive files and demanding a ransom payment in return. Borat can even create and post the ransom note on the compromised system.
“The Borat RAT is a potent and unique combination of Remote Access Trojan, spyware, and ransomware, making it a triple threat to any machine compromised by it,” Cyble said in its report. “With the capability to record audio and control the webcam and conduct traditional info stealing behavior, Borat is clearly a threat to keep an eye on. The added functionality to carry out DDoS attacks makes this an even more dangerous threat that organizations and individuals need to look out for.”
To help defend your organization against Borat and other RATs, Cyble offers the following tips:
- Don’t store important or sensitive files in common Windows folders such as Desktop or Documents.
- Use strong passwords and enforce multi-factor authentication wherever and whenever possible.
- Enable automatic updates on your computer, mobile devices and other connected devices wherever practical.
- Use a reputable antivirus and security program on your connected devices.
- Don’t open untrusted links and email attachments without verifying their authenticity.
- Regularly back up your data and keep those backups offline or in a separate and secure network location.
Joseph Carson, chief security scientist at security provider Delinea, has some advice of his own.
“Weak credentials are one of the most common causes that make it easy for attackers to gain an initial foothold,” Carson said. “Strong password management, privileged access security and multi-factor authentication will make it difficult for an attacker to be successful at gaining the initial foothold. In addition to making it more difficult, organizations must prepare to respond with a solid incident response plan. Resiliency is vital to an organization’s ability to recover and get back to business quickly.”