San Francisco, July 23 HotRat, a new variant of AsyncRAT malware, is spreading via free, pirated versions of popular software and utilities such as video games, picture and sound editing tools, and Microsoft Office, a new report has shown.
According to cybersecurity firm Avast security researcher Martin a Milanek, "HotRat malware equips attackers with a wide array of capabilities, such as stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and gaining access to or altering clipboard data".
The attacks involve combining cracked software available on torrent sites with a malicious AutoHotkey (AHK) script that starts an infection chain designed to deactivate antivirus solutions on the compromised host before launching the HotRat payload via a Visual Basic Script loader.
"The most commonly affected group is typically Adobe (Illustrator, Master Collection, Photoshop) and Microsoft (Office, Windows) software. The second group primarily consists of video games such as Battlefield 3, Age of Empires IV, Red Alert 2, and The Sims 4," according to the report.
Moreover, the report said that HotRat, defined as a comprehensive RAT malware, includes roughly 20 commands, each of which executes a.NET module received from a remote server, allowing the campaign's threat actors to increase its features as needed.
"Despite the substantial risks involved, the irresistible temptation to acquire high-quality software at no cost persists, leading many people to download illegal software. Therefore, distributing such software remains an effective method for widely spreading malware," Milanek said.
Further, the report stated that HotRat malware is an advanced version of AsyncRAT, armed with a multitude of spying and personal data theft capabilities.
In addition, the malware exhibits persistence by leveraging scheduled tasks, enabling it to maintain a foothold on infected systems. It also can eliminate antivirus programmes, thus endangering the system’s overall security.
--IANS
Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor