A new variant of the AsyncRAT malware called HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office.
“HotRat malware offers attackers a wide range of capabilities, including stealing login credentials, cryptocurrency wallets, screen capture, keylogging, installing additional malware, accessing and modifying clipboard data,” said Martin a Milánek, a security researcher at Avast.
The Trojan has been circulating since at least October 2022, with the majority of infections concentrated in Thailand, Guyana, Libya, Suriname, Mali, Pakistan, Cambodia, South Africa and India, according to the Czech cybersecurity firm.
The attack involves bundling a malicious AutoHotkey (AHK) script with cracked software available online via torrent sites. The script initiates an infection chain designed to disable antivirus solutions on the compromised host and ultimately launch the HotRat payload using a Visual Basic Script loader.
Described as a comprehensive RAT malware, HotRat comes with nearly 20 commands, each executing a .NET module retrieved from a remote server, allowing the attackers behind the campaign to extend its functionality as needed.
However, it is worth noting that this attack requires administrative privileges to achieve its goals.
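For defenders, the chain described above (an AutoHotkey script that ends in a Visual Basic script loader, run with administrative privileges) can be hunted in process-creation telemetry. The following is an added example, not code from Avast's report: the event fields loosely follow Sysmon Event ID 1, and every sample event, path and command line is constructed.

```python
# Added example: flag script hosts that descend from an AutoHotkey interpreter.
# Fields loosely follow Sysmon Event ID 1 (process creation); the sample events
# are constructed for illustration and do not come from a real HotRat infection.
from ntpath import basename  # parses Windows paths on any OS

# Name matching is a starting point; the OriginalFileName field is more robust.
AHK_NAMES = {"autohotkey.exe", "autohotkeyu32.exe", "autohotkeyu64.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
ELEVATED = {"High", "System"}  # integrity levels implying admin rights

SAMPLE_EVENTS = [  # constructed
    {"guid": "A1", "parent": "E0", "image": r"C:\Users\u\Downloads\crack\AutoHotkey.exe",
     "cmd": r"AutoHotkey.exe setup.ahk", "integrity": "High"},
    {"guid": "A2", "parent": "A1", "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"cmd.exe /c start loader", "integrity": "High"},
    {"guid": "A3", "parent": "A2", "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r"wscript.exe C:\ProgramData\x\loader.vbs", "integrity": "High"},
    {"guid": "B1", "parent": "E0", "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r"wscript.exe C:\IT\logon.vbs", "integrity": "Medium"},
]

def ahk_ancestor(event, by_guid, max_depth=8):
    """Walk parent links; return the nearest AutoHotkey ancestor event, or None."""
    seen = set()
    cur = by_guid.get(event["parent"])
    while cur and cur["guid"] not in seen and len(seen) < max_depth:
        if basename(cur["image"]).lower() in AHK_NAMES:
            return cur
        seen.add(cur["guid"])
        cur = by_guid.get(cur["parent"])
    return None

def detect(events):
    """Return one alert per script-host process that has an AutoHotkey ancestor."""
    by_guid = {e["guid"]: e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]).lower() not in SCRIPT_HOSTS:
            continue
        anc = ahk_ancestor(e, by_guid)
        if anc:
            alerts.append({"guid": e["guid"], "ahk": anc["guid"], "cmd": e["cmd"],
                           "severity": "high" if e["integrity"] in ELEVATED else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```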
“Despite the considerable risks involved, the irresistible temptation to get quality software for free continues, leading many to download illegal software,” Milánek said. “Thus, distribution of such software is still an effective way to spread malware widely.”