FortiGuard Labs is aware of a report that a new Remote Access Trojan (RAT) called “Borat” is sold in underground forums. The RAT provides not only typical RAT capabilities such as keylogging, audio and webcam recording, and browser credential stealing to cybercriminals, but also offers file encryption and decryption capability as well as creating a ransom note on the victim’s machine.Why is this Significant?This is significant because Borat RAT not only enables cybercriminals to perform typical RAT activities but also provides ransomware capabilities as well.What Functionalities Does Borat RAT Provide?Borat RAT allows an attacker to perform the following activities:KeyloggingRansomware activities such as encrypting and decrypting files as well as creating a ransom note on the victim’s machineDistributed Denial of Service (DDoS)Audio and webcam recordingRemote desktopReverse proxySteals device infoProcess hollowingCredential stealingDiscord token stealingPlay audioSwap mouse buttonsHold mouseShow and hide the Desktop and the taskbarEnable and disable webcam lightHang systemTurn off the monitorDisplay blank screen What is the Status of Coverage?FortiGuard Labs provides the following AV coverage for Borat RAT:MSIL/Agent.CFQ!trMSIL/Keylogger.DUS!trMalicious_Behavior.SB
More Stories
openjpeg2-2.5.3-1.fc40
FEDORA-2024-272544ceb9 Packages in this update: openjpeg2-2.5.3-1.fc40 Update description: Update to openjpeg-2.5.3 Fix 2 heap-buffer-overflow Read More
libxml2-2.12.9-1.fc40
FEDORA-2024-9f3765a04b Packages in this update: libxml2-2.12.9-1.fc40 Update description: Update to 2.12.9 Fixes CVE-2024-40896 Read More
libxml2-2.12.9-1.fc41
FEDORA-2024-867a14de12 Packages in this update: libxml2-2.12.9-1.fc41 Update description: Update to 2.12.9 Fixes CVE-2024-40896. Read More
iwd-3.3-1.fc40 libell-0.71-1.fc40
FEDORA-2024-0fa283c43a Packages in this update: iwd-3.3-1.fc40 libell-0.71-1.fc40 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
iwd-3.3-1.fc41 libell-0.71-1.fc41
FEDORA-2024-256818da09 Packages in this update: iwd-3.3-1.fc41 libell-0.71-1.fc41 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source...