A potent malware threat named Borat RAT has been spotted for sale on underground hacker forums. The malware was analyzed by the infosec experts at Cyble Research Labs, who discovered that Borat is equipped with numerous threatening capabilities that go beyond the scope of a typical RAT (Remote Access Trojan).
The Borat RAT possesses the typical functions for establishing and maintaining an unauthorized remote connection to the breached device. The threat can also initiate multiple data-capture and information-collecting routines, such as recording audio via the system's microphone or video via the camera. It can also log mouse and keyboard inputs, take arbitrary screen captures, tamper with system settings, and manipulate the file system by exfiltrating or deleting files. The threat targets the browser cookies of Chrome and Microsoft Edge and can compromise Discord tokens.
Beyond these functions, threat actors using the Borat RAT in their operations can take advantage of the threat's encryption and decryption component to make it act like ransomware. Furthermore, the cybercriminals can modify the ransom note shown to their victims. The threat can also be instructed to carry out DDoS (Distributed Denial-of-Service) attacks to disrupt the operations of targets chosen by the hackers. Speaking of disruptions, the Borat RAT also has a bizarre set of features in its arsenal, including the ability to play audio on the infected devices, swap the mouse buttons, hide the desktop and taskbar, freeze the mouse entirely, turn off the monitor and more.