Borat RAT pushes ransomware, DDoS, spyware • The Register

A new remote access trojan (RAT) dubbed “Borat” doesn’t come with many laughs but offers bad actors a menu of cyberthreats to choose from.

RATs are typically used by cybercriminals to get full control of a victim’s system, enabling them to access files and network resources and manipulate the mouse and keyboard. Borat does all this and also delivers features that enable hackers to run ransomware, distributed denial of service (DDoS) attacks and other online assaults, and to install spyware, according to researchers at cybersecurity biz Cyble.

“The Borat RAT provides a dashboard to Threat Actors (TAs) to perform RAT activities and also has an option to compile the malware binary for performing DDoS and ransomware attacks on the victim’s machine,” the researchers wrote in a blog post, noting the malware is being made available for sale to hackers.

Borat – named after the character made famous by actor Sacha Baron Cohen in two comedy films – comes with the standard complement of RAT features in a package that includes such components as a builder binary, server certificate and supporting modules.

It’s the other options that make it more interesting. Bad actors can use the malware to deliver ransomware that will encrypt files on a victim’s system and demand a ransom, including the ability to create a ransom note on the targeted machine. There also is code in Borat that will decrypt the files in the system once the ransom is paid.

Additionally, the RAT includes code for launching a DDoS attack, in which a website or server is overwhelmed by a wave of messages, slowing down responses and services to legitimate users and sometimes forcing the site to shut down. Often it takes paying the threat actor money to shut off the DDoS attack.

On top of that, there is a range of remote surveillance capabilities that enable hackers to spy on the system…