HotRat malware has wideranging capabilities
Researchers from Avast have discovered malware hidden in the executables of pirated software capable of stealing victims’ login credentials and cryptocurrency wallets among other malicious actions.
The malware, which the researchers have named HotRat, is also capable of screen capturing, keylogging, installing more malware and accessing or altering clipboard data.
According to Avast’s analysis, HotRat has been discovered hidden inside cracked software including popular games and productivity applications. The most commonly affected software is typically Adobe (Illustrator, Master Collection, Photoshop) and Microsoft (Office, Windows) software.
HotRat uses a malicious AutoHotkey script to install itself on a compromised system as part of a multi-stage installation that is simultaneously designed to weaken system security by disabling the Consent Admin and altering Windows Defender settings.
Once installed, attackers can send a command and zipped .NET payload that is thought to be able to execute a wide range of functions including removing Avast and other antivirus tools, take a screenshot, kill specific processes, steal crypto wallets, steal stored passwords from web browsers, and download and execute an executable from a specific URL.
HotRat has been detected in most nations worldwide, including Australia and New Zealand, Avast said.
To mitigate the risk of infection, Avast has advised against downloading dubious software from unverified sources, especially any demanding the deactivation of antivirus programs.
Illumio launches AI-powered threat detection platform
The Illumio Insights threat detection solution is designed to help organisations rapidly detect...
GenAI 'grey bots' scraping data from websites
Research from Barracuda has highlighted the issue of morally and legally ambiguous 'grey...
Tanium partners with DXC on endpoint management
Tanium has secured a partnership agreement with DXC that will leverage the company's...
