The utilization of illicit software has been prevalent since the advent of torrents and cracked software. Recent findings indicate that malicious actors have been leveraging cracked software as a means to distribute HotRat malware into unsuspecting users' systems. To activate the HotRat malware within the targeted systems, hackers employed an AutoHotKey script.

Diving into details

Threat actors exploited available software cracks found on the internet and converted them into an AutoHotKey script, mimicking the cracked software's icon. The script triggers the release of an AsyncRAT malware variant that Avast dubbed HotRat.
  • Once the crack is installed on a system, the script initiates the original software installation to give the appearance of a legitimate installation process. 
  • In addition to the above, the malicious script takes further actions, such as removing Avira AV and Windows Defender alert settings from the system. 
  • Moreover, to ensure the malware's continuous presence, a VBS Loader is executed every two minutes. This persistence is maintained by creating a Task Scheduler entry on the victim's system.
  • The scheduled task systematically injects the HotRat payload after disabling the antivirus software, ensuring the malware's prolonged operation without detection.
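The persistence described above (a Task Scheduler entry that re-runs a VBS loader every two minutes) leaves a distinctive shape in exported task XML. The following is an added hunting example, not code from Avast's analysis or from Cyware: it parses Task Scheduler XML of the form `schtasks /query /xml` produces and flags tasks that repeat at a short interval and launch a script host with a .vbs/.js argument. The task names, paths and loader file name in the samples are constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

def iso_duration_seconds(value):
    """Convert a Task Scheduler repetition interval (ISO 8601, e.g. PT2M, P1DT2H) to seconds."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", value or "")
    if not m:
        return None
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def short_interval_script_tasks(task_xml_docs, max_interval=300):
    """Return (task URI, shortest repeat interval in seconds, command line) for every task that
    repeats at most every max_interval seconds and runs a script host with a .vbs/.js argument."""
    hits = []
    for doc in task_xml_docs:
        root = ET.fromstring(doc)
        uri = root.findtext("t:RegistrationInfo/t:URI", default="(unnamed)", namespaces=NS)
        intervals = [iso_duration_seconds(e.text) for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
        intervals = [i for i in intervals if i is not None]
        if not intervals or min(intervals) > max_interval:
            continue  # no short repetition: not the pattern we are hunting
        for ex in root.iterfind(".//t:Actions/t:Exec", NS):
            cmd = ex.findtext("t:Command", default="", namespaces=NS).strip()
            args = ex.findtext("t:Arguments", default="", namespaces=NS).strip()
            if cmd.split("\\")[-1].lower() in SCRIPT_HOSTS and re.search(r"\.(vbs|vbe|js|jse)\b", args, re.I):
                hits.append((uri, min(intervals), f"{cmd} {args}".strip()))
    return hits

# Constructed sample exports (schtasks /query /xml shape): one benign daily updater and one
# task re-running a VBS loader every two minutes, the persistence pattern described above.
SAMPLE_TASKS = [
    """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Vendor\\Updater</URI></RegistrationInfo>
  <Triggers><CalendarTrigger><StartBoundary>2023-07-01T09:00:00</StartBoundary>
    <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Actions><Exec><Command>C:\\Program Files\\Vendor\\updater.exe</Command></Exec></Actions>
</Task>""",
    """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\SystemUpdateCheck</URI></RegistrationInfo>
  <Triggers><LogonTrigger><Repetition><Interval>PT2M</Interval></Repetition></LogonTrigger></Triggers>
  <Actions><Exec><Command>C:\\Windows\\System32\\wscript.exe</Command>
    <Arguments>//B //Nologo "C:\\Users\\Public\\Libraries\\loader.vbs"</Arguments></Exec></Actions>
</Task>""",
]
```

On a live host, pass `short_interval_script_tasks` the raw bytes of each exported task file (the exports are UTF-16 with an XML declaration, which `ET.fromstring` accepts as bytes); every hit is a candidate for review against the two-minute loader pattern, not a verdict on its own.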

A bit on HotRat

  • HotRat is an offshoot of the open-source AsyncRAT framework. The developers behind the malware have expanded upon the original AsyncRAT version by incorporating additional features designed to pilfer various personal data and credentials, as well as the ability to distribute other malware.
  • The researchers detected approximately 20 recently added commands, many of which function as payload services. This advanced malware is equipped to exfiltrate login credentials, cryptocurrency wallets, capture screens, log keystrokes, and even install supplementary malware.

The bottom line

Notwithstanding the well-established risks, the enduring pattern of software piracy continues to leave users susceptible to malware infections. HotRat represents a sophisticated iteration of AsyncRAT, equipped with a wide array of espionage and personal data theft functionalities. To safeguard against such threats, users and organizations must adopt vigilant cybersecurity practices. Implementing strict software policies, regularly updating and patching systems, and educating users about the risks of using cracked software can help mitigate the impact of such malware and protect against similar threats.
Cyware Publisher