BitRAT is a powerful Remote Access Trojan (RAT) with a sizable array of tools that can wreak havoc on an infected computer, despite multiple signs that its creators may not have been among the most experienced software developers. BitRAT is sold on underground hacker forums, where it is advertised as being able to control the mouse and keyboard of the targeted computer, capture and stream audio and video through any connected microphone or video camera, stealthily manipulate the user's browser, potentially download and upload files, and exfiltrate system and user data. BitRAT can also act as a keylogger or a crypto-miner (specifically for the Monero cryptocurrency).

BitRAT Appears to be Cobbled Together from Bits and Pieces Across the Internet

The creators of BitRAT have stated that their malware is entirely unique and without a single misappropriated line of code, but that is apparently far from the truth. When infosec researchers took the time to reverse engineer the underlying code of BitRAT, they found that whole sections were lifted from other places, and multiple signs indicate that the malware itself was somewhat sloppily crafted: there are redundant functions, unoptimized behavior and bloated commands.

Whole sections of BitRAT are taken from the leaked code of other malware threats, from open-source projects, or, in some instances, from StackOverflow. BitRAT's API loader and the entire HVNC/Remote Browser sections are lifted directly from TinyNuke, an older Trojan. The creators of BitRAT may also have collaborated, or have other connections, with the criminals behind the Warzone RAT, as indicated by BitRAT's encryption key being concatenated with the string 's0lmYr', the name used by the developer of Warzone.

Although its functions are an amalgamation of various pieces of code spliced together, it cannot be denied that BitRAT is a threatening piece of malware that shouldn't be underestimated.

