HotRat malware has wideranging capabilities
Researchers from Avast have discovered malware hidden in the executables of pirated software capable of stealing victims’ login credentials and cryptocurrency wallets among other malicious actions.
The malware, which the researchers have named HotRat, is also capable of screen capturing, keylogging, installing more malware and accessing or altering clipboard data.
According to Avast’s analysis, HotRat has been discovered hidden inside cracked software including popular games and productivity applications. The most commonly affected software is typically Adobe (Illustrator, Master Collection, Photoshop) and Microsoft (Office, Windows) software.
HotRat uses a malicious AutoHotkey script to install itself on a compromised system as part of a multi-stage installation that is simultaneously designed to weaken system security by disabling the Consent Admin and altering Windows Defender settings.
Once installed, attackers can send a command and zipped .NET payload that is thought to be able to execute a wide range of functions including removing Avast and other antivirus tools, take a screenshot, kill specific processes, steal crypto wallets, steal stored passwords from web browsers, and download and execute an executable from a specific URL.
HotRat has been detected in most nations worldwide, including Australia and New Zealand, Avast said.
To mitigate the risk of infection, Avast has advised against downloading dubious software from unverified sources, especially any demanding the deactivation of antivirus programs.
CISA and Microsoft warn of “active attacks” on SharePoint
Alerts have been published active attacks exploiting a remote code execution vulnerability in...
Palo Alto partners with Okta on identity management
Palo Alto Networks and Okta have announced new integrations aimed at making it easier for joint...
Trustwave launches anti-phishing service for Microsoft 365
Trustwave's new managed service is designed to provide organisations using Microsoft 365...
