HotRat malware has wideranging capabilities
Researchers from Avast have discovered malware hidden in the executables of pirated software capable of stealing victims’ login credentials and cryptocurrency wallets among other malicious actions.
The malware, which the researchers have named HotRat, is also capable of screen capturing, keylogging, installing more malware and accessing or altering clipboard data.
According to Avast’s analysis, HotRat has been discovered hidden inside cracked software including popular games and productivity applications. The most commonly affected software is typically Adobe (Illustrator, Master Collection, Photoshop) and Microsoft (Office, Windows) software.
HotRat uses a malicious AutoHotkey script to install itself on a compromised system as part of a multi-stage installation that is simultaneously designed to weaken system security by disabling the Consent Admin and altering Windows Defender settings.
Once installed, attackers can send a command and zipped .NET payload that is thought to be able to execute a wide range of functions including removing Avast and other antivirus tools, take a screenshot, kill specific processes, steal crypto wallets, steal stored passwords from web browsers, and download and execute an executable from a specific URL.
HotRat has been detected in most nations worldwide, including Australia and New Zealand, Avast said.
To mitigate the risk of infection, Avast has advised against downloading dubious software from unverified sources, especially any demanding the deactivation of antivirus programs.
Veeam launches free Splunk extension
Veeam's new Splunk extension will allow users of the SIEM tool to monitor the health and...
JFrog uncovers critical Python vulnerability
JFrog researchers uncovered a since-patched security vulnerability in the Python programming...
Mimecast unveils Human Risk Management Platform
Mimecast's new Human Risk Management Platform can help enterprises assess and mitigate...
