A new variant of the AsyncRAT malware, dubbed HotRat, is distributed through free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office.
“The HotRat malware equips attackers with a wide range of capabilities, such as stealing login credentials, cryptocurrency wallets, screenshots, keylogging, installing more malware, and gaining access to or changing clipboard data,” Avast security researcher Martin a Milánek said.
The Czech cybersecurity firm says the trojan has been prevalent in the wild since at least October 2022, with the majority of infections concentrated in Thailand, Guyana, Libya, Suriname, Mali, Pakistan, Cambodia, South Africa and India.
The attack bundles cracked software available online via torrent sites with a malicious AutoHotkey (AHK) script, which starts an infection chain designed to disable antivirus solutions on compromised hosts and eventually launch HotRat payloads using a Visual Basic Script loader.
HotRat, described as a comprehensive RAT, comes with nearly 20 commands, each of which executes a .NET module fetched from a remote server, allowing the threat actor behind the campaign to expand its features if needed.
However, it should be noted that the attack requires administrative privileges to successfully achieve its goals.
“Despite the enormous risks involved, the irresistible temptation to acquire high-quality software at no cost persists, leading many people to download illegal software,” Milánek said. “Therefore, distributing such software remains an effective method of spreading malware widely.”