HotRat malware has wideranging capabilities
Researchers from Avast have discovered malware hidden in the executables of pirated software capable of stealing victims’ login credentials and cryptocurrency wallets among other malicious actions.
The malware, which the researchers have named HotRat, is also capable of screen capturing, keylogging, installing more malware and accessing or altering clipboard data.
According to Avast’s analysis, HotRat has been discovered hidden inside cracked software including popular games and productivity applications. The most commonly affected software is typically Adobe (Illustrator, Master Collection, Photoshop) and Microsoft (Office, Windows) software.
HotRat uses a malicious AutoHotkey script to install itself on a compromised system as part of a multi-stage installation that is simultaneously designed to weaken system security by disabling the Consent Admin and altering Windows Defender settings.
Once installed, attackers can send a command and zipped .NET payload that is thought to be able to execute a wide range of functions including removing Avast and other antivirus tools, take a screenshot, kill specific processes, steal crypto wallets, steal stored passwords from web browsers, and download and execute an executable from a specific URL.
HotRat has been detected in most nations worldwide, including Australia and New Zealand, Avast said.
To mitigate the risk of infection, Avast has advised against downloading dubious software from unverified sources, especially any demanding the deactivation of antivirus programs.
Cloudflare has changed how AI crawlers scrape the internet
Cloudflare is now protecting online IP by blocking AI crawlers by default, and offering a...
Nearly half of Australian companies opt to pay ransoms: report
A recent survey found that Australian ransom payments have decreased from 66% to 41% in the past...
Barracuda launches vulnerability detection tool
Barracuda Networks has introduced a new solution aimed at helping organisations uncover and...