Cybersecurity specialists warn users about the emergence of a new threat: Borat RAT. The new malware shows a surprisingly broad spectrum of multifunctional capabilities.

Cyble Research Labs' regular OSINT research specialists have discovered a very unusual Remote Access Trojan (RAT) named Borat.

The interesting thing about this malware is that it provides not only the traditional RAT features but also expands the malware's capabilities by including DDoS and ransomware services.

The malware got its name from the black comedy mockumentary film “Borat”. The threat actors also used a photo of Sacha Baron Cohen, who played the role of Borat in the film of the same name, as a cover page.

Technical details of Borat RAT

Threat actors use a RAT, or Remote Access Trojan, to obtain remote control of and full access to a user’s system, including, among other things, mouse and keyboard control, access to network resources and access to files.

[Figure: Multifunctional Borat malware. List of features provided by the Borat malware.]

The Borat RAT is a package of a server certificate, supporting modules and a builder binary, among other components. The malware has a dashboard to help perform RAT activities and also provides an option for compiling the malware binary to perform DDoS and ransomware attacks on the victim’s machine.

[Figure: Additional features provided by the malware.]

So what can the thing do?

Remote Activities with Borat RAT

To scare and distract the victim, the RAT can perform the following: blank the screen, turn the monitor off, hang the system, enable/disable the webcam light, hold the mouse, show/hide the taskbar, show/hide the desktop, swap the mouse buttons and play audio.

Discord Token Stealing

The RAT steals Discord tokens and sends the stolen token information back to the threat actors.

Browser Credential Stealing

Borat steals saved login credentials, bookmarks, history and cookies from Chromium-based browsers such as Edge, Google Chrome and others.

Process Hollowing

With the help of this RAT, threat actors can use process hollowing, which means injecting malicious code into legitimate processes.

[Figure: Borat RAT Dashboard.]

Device Information Collection

The Borat RAT also collects various information about the victim’s machine, including the system model, OS version, OS name and more.

Reverse Proxy

Borat RAT also allows attackers to hide their identity in communication with the compromised servers. This malware contains code that enables a reverse proxy so that RAT activities can be performed anonymously.

Remote Desktop

The malware provides a remote desktop to the victim’s machine. It gives the threat actors the rights needed to control the victim’s keyboard, mouse and machine, and to capture the screen. With control of the victim’s machine, threat actors can execute ransomware on the compromised machine and delete files.

Webcam and Audio Recording

Borat RAT can also try to find a webcam or microphone, and if either is present it will start a secret recording, saving everything in a designated folder.

DDoS

The malware also has the capability to disrupt the normal traffic of a targeted server.

[Figure: Borat supply package. Borat Package.]

Ransomware

What is interesting for cybersecurity specialists is that this malware has an option to encrypt the victim’s files and subsequently demand a ransom. As is typical for ransomware, it also has the capability to create a ransom note on the victim’s machine.

Keylogger

Borat’s “keylogger.exe” module monitors and stores the keystrokes on the victim’s machine. They are saved in a file called “Sa8XOfH1BudXLog.txt” for subsequent exfiltration.
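As an added example (not code from the article or from Cyble), here is a small defender-side hunting script that walks a directory tree for the two file names the report gives, the keylogger module and its keystroke log, and records size and SHA-256 for each hit; the sample tree it builds is constructed for the demo.

```python
"""Hunt for the Borat RAT keylogger artefacts named in the article.

The two file names are the indicators the report gives; the sample
directory tree and the output format are constructed for this example.
"""
import hashlib
import os
import tempfile

# Indicators from the report, lower-cased because NTFS names are
# case-insensitive and the module may be dropped with any casing.
BORAT_FILENAMES = {"keylogger.exe", "sa8xofh1budxlog.txt"}


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hunt_borat_artifacts(root: str) -> list[dict]:
    """Walk `root` and return every file whose name matches an indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in BORAT_FILENAMES:
                path = os.path.join(dirpath, name)
                hits.append({"path": path, "name": name,
                             "size": os.path.getsize(path),
                             "sha256": sha256_of(path)})
    return hits


def build_sample_tree(root: str) -> None:
    """Constructed sample: the log file, the module (odd casing), one benign file."""
    drop = os.path.join(root, "AppData", "Roaming", "x")
    os.makedirs(drop, exist_ok=True)
    with open(os.path.join(drop, "Sa8XOfH1BudXLog.txt"), "w") as fh:
        fh.write("constructed keystroke log\n")
    with open(os.path.join(drop, "KeyLogger.EXE"), "wb") as fh:
        fh.write(b"MZ constructed stub, not a real binary")
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("benign file that must not be flagged\n")


def run_demo() -> list[str]:
    """Populate a temporary tree, hunt it and return the matched names, sorted."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        hits = hunt_borat_artifacts(root)
        for hit in hits:
            print(f"{hit['path']}  {hit['size']} bytes  sha256={hit['sha256']}")
        return sorted(hit["name"] for hit in hits)


if __name__ == "__main__":
    run_demo()
```

Point `hunt_borat_artifacts` at a user profile or a mounted disk image to triage a real host; the hashes it records let a finding be shared without copying the file itself.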

Experts’ Recommendations

To help users avoid the threat of the newly appeared trojan, the researchers prepared several tips to follow:

  • Make regular backups of your files and keep them offline, preferably on a separate network;
  • Don’t open untrusted email attachments or links without first checking their authenticity;
  • Use antivirus software on every connected device, including mobile devices, laptops and PCs;
  • Enable automatic updates on your devices wherever it is possible and practical;
  • Use strong passwords and enable multi-factor authentication wherever it is possible and practical;
  • It’s better not to keep important files in common locations like My Documents or the Desktop.

What is so special about Borat RAT?

Apart from typical advanced trojan functionality, the fresh malware strain has a series of modules capable of launching various types of malicious activities. In contrast to its namesake character from the movie, this malware is not “verrry nice”, one of the most popular catchphrases of the fictional Borat.

“Malware authors are increasingly developing feature sets and capabilities that allow flexibility on the part of the attacker,” John Bambenek, principal threat hunter at Netenrich, a digital IT and security operations company, writes in an email to Threatpost.

In the same email the researcher adds that he doesn’t see that much of a threat coming from this “Pandora’s box” of malware. He explains that such tools are usually used by less sophisticated cybercriminals or those pretending to be one. In any case, they may find it difficult to succeed at ransomware at scale. As one security professional noted, this malware might have been created just to make money from newcomers to the cybercriminal world who don’t know their way around yet.

Analysts will keep an eye on Borat RAT

The Cyble Research Team will continue to observe the RAT’s activity and will update the community as the situation evolves. The Borat RAT presents itself as a unique and potent combination of Remote Access Trojan, spyware and ransomware, making it a triple threat to the compromised machine. Its ability to record audio and control the webcam while conducting traditional info-stealing behavior calls for keeping a close eye on it. The added DDoS and ransomware capabilities demand even more attention.

As Jack Mannino, CEO at nVisium, noted, ransomware and DDoS attacks are a constant threat to organizations. The severity of such attacks can be amplified by security bugs and flaws within the software itself.

These attacks are exceptionally effective and can be launched at a relatively low cost. Therefore, DDoS and ransomware threats will remain a persistent risk for organizations around the world. And this new malware strain is just adding to the ever-growing and evolving cybercriminal ecosystem.

About Andrew Nail

Cybersecurity journalist from Montreal, Canada. Studied communication sciences at Universite de Montreal. I wasn’t sure that journalism was what I wanted to do with my life, but combined with technical science, it is exactly what I want to do. My job is to keep up with the latest trends in the cybersecurity world and help people deal with malware on their PCs.
