A highly capable remote access trojan (RAT), Borat, has appeared on darknet markets. Despite taking its name from a comedic fictional character, Borat is a serious threat because of its remote control features. It can conduct DDoS attacks, deploy ransomware, control the system, and more.
RAT Borat is not funny
Borat has many features and is almost a complete toolkit for a malicious actor. It comes with a keylogger that saves the victim’s keystrokes, as well as an encrypting payload, that is, ransomware. Launching DDoS attacks is another of Borat’s capabilities. The RAT can also record video and audio using the target system’s webcam and microphone.
Borat can take over the remote desktop of the target system, which gives the threat actor complete control of the system, including mouse/keyboard control and screen capture. It can also act as a reverse proxy so that the actor’s activities are performed anonymously, gather information about the system, and inject malicious code so that its processes appear legitimate. Browser credential stealing is one of Borat’s talents as well. However, it is limited to Chromium-based web browsers, which include Chrome and Edge.
Cyble summarizes Borat RAT as “a potent and unique combination” and says it will be keeping an eye on it. You can read the full analysis by following the link below: