A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office.
According to Martin a Milánek, security researcher at Avast, “HotRat malware gives attackers a wide range of capabilities, including stealing login credentials, cryptocurrency wallets, screen capture, keylogging, installing more malware, and accessing or altering clipboard data.”
The malware has been around since at least October 2022, according to the Czech cybersecurity company, with the majority of infections occurring in Thailand, Guyana, Libya, Suriname, Mali, Pakistan, Cambodia, South Africa, and India.
The malicious AutoHotkey (AHK) script is bundled with the cracked software that is made available online via torrent sites, and the HotRat payload is launched using a Visual Basic Script loader. This infection chain is intended to disable antivirus software on the compromised host.
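A hunting heuristic for the chain described above, as an added example that is not from Avast or the original article: it walks process-creation events and flags a Visual Basic Script run that descends from an AutoHotkey process. The event fields, file names and the assumption that the AHK stage is an ancestor of the script host are illustrative.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # hosts that can run a .vbs loader
MAX_DEPTH = 8  # stop on very long or cyclic (PID reuse) parent chains

def is_ahk(event):
    """AutoHotkey interpreter by name, or any process handed an .ahk script.
    A compiled AHK script under another name is not caught by this check."""
    name = ntpath.basename(event["image"]).lower()
    return name.startswith("autohotkey") or ".ahk" in event["cmdline"].lower()

def find_ahk_to_vbs(events):
    """Return (ahk_pid, host_pid) for each .vbs run that descends from AHK."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if ntpath.basename(e["image"]).lower() not in SCRIPT_HOSTS:
            continue
        if ".vbs" not in e["cmdline"].lower():
            continue
        parent, depth = by_pid.get(e["ppid"]), 0
        while parent is not None and depth < MAX_DEPTH:
            if is_ahk(parent):
                hits.append((parent["pid"], e["pid"]))
                break
            parent, depth = by_pid.get(parent["ppid"]), depth + 1
    return hits

def ev(pid, ppid, image, cmdline):
    return {"pid": pid, "ppid": ppid, "image": image, "cmdline": cmdline}

# Constructed sample events (not taken from any real incident or from the article).
TMP = r"C:\Users\u\AppData\Local\Temp"
EVENTS = [
    ev(100, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    ev(200, 100, r"C:\Users\u\Downloads\suite\setup.exe", "setup.exe"),
    ev(300, 200, TMP + r"\AutoHotkey.exe", rf'AutoHotkey.exe "{TMP}\run.ahk"'),
    ev(400, 300, r"C:\Windows\System32\cmd.exe", rf'cmd.exe /c wscript "{TMP}\l.vbs"'),
    ev(500, 400, r"C:\Windows\System32\wscript.exe", rf'wscript "{TMP}\l.vbs"'),
    # Benign: a logon script started from the shell, and AHK with no script child.
    ev(600, 100, r"C:\Windows\System32\wscript.exe", r'wscript "C:\IT\logon.vbs"'),
    ev(700, 100, r"C:\Tools\AutoHotkey.exe", r'AutoHotkey.exe "C:\Tools\keys.ahk"'),
]

if __name__ == "__main__":
    for ahk_pid, host_pid in find_ahk_to_vbs(EVENTS):
        print(f"AHK pid {ahk_pid} -> script host pid {host_pid}")
```

Walking the full ancestor chain rather than only the direct parent keeps the match when an intermediate shell such as `cmd.exe` sits between the two stages.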
HotRat is described as a comprehensive RAT malware. It supports over 20 instructions, each of which runs a .NET module downloaded from a remote server, which enables the threat actors behind the campaign to add new functionality as and when needed.
Nevertheless, it’s important to remember that the attack needs administrative rights in order to be effective.
According to Milánek, many users download unauthorised software because they can’t resist the overwhelming urge to get high-quality software for free. Therefore, disseminating such software continues to be a successful way to distribute malware worldwide.