Dirty RAT: New HotRat Trojan Distributed Using Cracked Software and Games
Security researchers have discovered a new malware campaign based on free and cracked versions of popular games and software packages.
While the software and games seem relatively legitimate (except for the illegally pirated part, of course), they all have something more malicious in common.
They all host a remote access trojan that Avast researchers have dubbed HotRat, which is capable of a variety of malicious actions, including taking screenshots, killing specific processes, and disabling any antivirus measures installed on infected machines.
What makes the HotRat distribution method so effective is that a large amount of cracked software requires administrator rights to install. So when a victim sees their shiny new software making such a request, they are more likely to grant it, triggering an infection chain that ends with the RAT installing itself and communicating with the threat actor's command and control infrastructure.
The cracked software is also installed, so the victim does not realize that they have just hijacked their own machine.
“Imagine HotRat as that uninvited guest who crashes your party, eats all your snacks, and then steals your wallet,” Avast security evangelist Luis Corrons said in a blog post. “It’s not right, is it? Once it sneaks onto your computer, HotRat can swipe your personal information, take screenshots of what you’re doing, and even invite more unwanted guests (read: more malware).”
“The worst part? You might not even know it’s there.”
HotRat has been in circulation since at least October 2022 and its spread has remained constant since then. The most affected countries are in Africa and Asia, although its reach is currently relatively global: apparently everyone loves free software, but it is the poorest countries that are most affected.
Interestingly, according to Avast’s heat map of RAT distribution, Russia (among other countries) does not appear to be affected.
The list of infected programs is long, but here is an indicative sample of the type of software used to spread the Trojan.
- Adobe Illustrator 2023
- Far Cry 4 Gold Edition
- Adobe Photoshop 2021
- IObit Uninstaller Pro
- Age of Empires IV Digital Deluxe Edition
- Microsoft Office 2022
- Battlefield 3 Premium Edition
- Microsoft Office Professional Plus 2021
- CCleaner Professional
- Sniper Elite 4 Deluxe Edition
- Command & Conquer Red Alert 2
- The Sims 4
- CyberLink Screen Recorder Deluxe
- Download Tiktok 18+ Plus for PC
- Disk Drill Enterprise
- VMware Workstation Pro
“So, that free version of Adobe Photoshop or the latest video game you just downloaded could be a Trojan horse for HotRat,” Corrons concluded, “among a multitude of other potential security vulnerabilities.”
Just remember, if it’s too good to be true, it’s usually not a good thing at all, especially when it comes to cybersecurity.