FortiGuard Labs is aware of a report that a new Remote Access Trojan (RAT) called “Borat” is sold in underground forums. The RAT provides not only typical RAT capabilities such as keylogging, audio and webcam recording, and browser credential stealing to cybercriminals, but also offers file encryption and decryption capability as well as creating a ransom note on the victim’s machine.Why is this Significant?This is significant because Borat RAT not only enables cybercriminals to perform typical RAT activities but also provides ransomware capabilities as well.What Functionalities Does Borat RAT Provide?Borat RAT allows an attacker to perform the following activities:KeyloggingRansomware activities such as encrypting and decrypting files as well as creating a ransom note on the victim’s machineDistributed Denial of Service (DDoS)Audio and webcam recordingRemote desktopReverse proxySteals device infoProcess hollowingCredential stealingDiscord token stealingPlay audioSwap mouse buttonsHold mouseShow and hide the Desktop and the taskbarEnable and disable webcam lightHang systemTurn off the monitorDisplay blank screen What is the Status of Coverage?FortiGuard Labs provides the following AV coverage for Borat RAT:MSIL/Agent.CFQ!trMSIL/Keylogger.DUS!trMalicious_Behavior.SB
More Stories
USN-7022-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
chromium-129.0.6668.58-1.fc39
FEDORA-2024-3d29b1647b Packages in this update: chromium-129.0.6668.58-1.fc39 Update description: update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium...
chromium-129.0.6668.58-1.el9
FEDORA-EPEL-2024-034e4b1091 Packages in this update: chromium-129.0.6668.58-1.el9 Update description: update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium...
chromium-129.0.6668.58-1.fc40
FEDORA-2024-d273b23c67 Packages in this update: chromium-129.0.6668.58-1.fc40 Update description: update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium...
USN-7021-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
USN-7020-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...