HotRat malware hides behind scripts in pirated software

August 3, 2023

A new cybercriminal operation spreads the HotRat malware through cracked software and torrents. Pirated software has become a prevalent infection vector for cybercriminals because so many users rely on it.

According to reports, the threat actors used an AutoHotKey script to launch the HotRat malware on the infected system.


HotRat is reported to be a variant of the AsyncRAT malware.


The threat actors take software cracks circulating on the internet and repackage them as AutoHotKey scripts to distribute HotRat. Researchers found that the script launches this AsyncRAT variant.

Next, the script runs the original software installer, presenting a convincing installation sequence so the user believes a legitimate setup is in progress. In the background, the malicious script performs several additional actions, such as removing Avira antivirus and the Windows Defender alert settings from the system.

Furthermore, the malware executes a VBS loader every two minutes to keep itself running on the compromised device. Researchers noted that it maintains this persistence through a Task Scheduler entry created on the victim's system.

The scheduled task then injects the HotRat payload once the AV software has been disabled. This technique lets the attackers keep the malware operating for an extended period without raising suspicion.
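A defender-side check that follows from the persistence mechanism described above: this PowerShell, added here and not part of the original report, lists enabled scheduled tasks whose action launches a script host or script file and whose trigger repeats at a short interval, the pattern of a loader re-run every two minutes. The five-minute threshold and the list of script hosts are assumptions chosen for this example.

```powershell
# Added example: hunt for scheduled tasks that repeatedly launch a script host
# or script file at a short interval. Threshold and host list are assumptions.
$MaxSuspiciousInterval = [TimeSpan]::FromMinutes(5)
$ScriptHosts = 'wscript.exe', 'cscript.exe', 'mshta.exe', 'powershell.exe', 'autohotkey'

function Get-SuspiciousScheduledTask {
    Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Only Exec actions carry an Execute path; skip COM handler / e-mail actions.
            if (-not $action.Execute) { continue }
            $cmdLine = "$($action.Execute) $($action.Arguments)"

            $hostMatch   = $ScriptHosts | Where-Object { $cmdLine -match [regex]::Escape($_) }
            $scriptMatch = $cmdLine -match '\.(vbs|vbe|js|ahk|ps1)(\s|"|$)'
            if (-not ($hostMatch -or $scriptMatch)) { continue }

            foreach ($trigger in $task.Triggers) {
                # Repetition.Interval is an ISO 8601 duration such as PT2M (two minutes).
                $rep = $trigger.Repetition.Interval
                if (-not $rep) { continue }
                $interval = [System.Xml.XmlConvert]::ToTimeSpan($rep)
                if ($interval -le $MaxSuspiciousInterval) {
                    [pscustomobject]@{
                        TaskName = $task.TaskName
                        TaskPath = $task.TaskPath
                        Author   = $task.Author
                        Interval = $interval
                        Command  = $cmdLine
                    }
                }
            }
        }
    }
}

# Run from an elevated prompt so tasks in every folder are visible.
Get-SuspiciousScheduledTask | Format-Table -AutoSize
```

Any hit should be reviewed together with the task's Author and the script it points at; legitimate software rarely schedules a VBS or AutoHotKey file to re-run every few minutes.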

HotRat is a variant of the open-source AsyncRAT framework. The malware developers have expanded the scope of the AsyncRAT malware by adding new features that could steal personal data and credentials.

Furthermore, threat analysts spotted about 20 recently added commands in the new malware, many of which function as a payload service. The confirmed HotRat capabilities are standard malware functions, such as exfiltrating login credentials, stealing cryptocurrency wallets, keylogging, capturing screenshots, and installing additional malware.

Hence, HotRat is a more sophisticated version of AsyncRAT with a range of espionage and data-stealing capabilities. Experts recommend that users and organisations adopt vigilant cybersecurity hygiene.

Users should also enforce strict software policies, regularly update and patch their systems, and educate everyone about the threat posed by pirated and cracked software. These practices can mitigate or prevent the impact of such malware strains and avoid data and financial loss.
