HotRat: Hackers Exploit Pirated Software to Spread This New AsyncRAT Variant
A new AsyncRAT malware variant named HotRat is being spread through free, cracked versions of popular system and development tools as well as video games. Once deployed, the malware helps the attacker steal personal and sensitive information from the victim’s machine.
“HotRat malware equips attackers with a wide array of capabilities, such as stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and gaining access to or altering clipboard data,” Avast researchers said.
The cracked software sourced online is equipped with a malicious AutoHotkey script. The malware conceals a PowerShell script that aims to deactivate security solutions, establish persistence on the system, and eventually launch HotRat using a Visual Basic Script (VBS) loader.
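The chain described above lends itself to process-lineage detection. The following Python is an added example, not code from this article or from Avast: it flags PowerShell or Windows Script Host processes that have an AutoHotkey interpreter in their ancestry. The event field names, the sample records, and the assumption that each stage runs as a descendant of the previous one are constructed for illustration.

```python
# Added example: flag script interpreters spawned beneath an AutoHotkey process.
# Field names (pid, ppid, image) are hypothetical; map them to your own telemetry.
import ntpath

AHK_PREFIXES = ("autohotkey",)  # AutoHotkey.exe, AutoHotkeyU64.exe, ...
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

W = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [  # constructed process-creation records, not taken from the report
    {"pid": 100, "ppid": 1, "image": "C:\\Users\\u\\Downloads\\setup.exe"},
    {"pid": 110, "ppid": 100, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\AutoHotkey.exe"},
    {"pid": 120, "ppid": 110, "image": W + "WindowsPowerShell\\v1.0\\powershell.exe"},
    {"pid": 130, "ppid": 120, "image": W + "wscript.exe"},
    {"pid": 200, "ppid": 1, "image": W + "WindowsPowerShell\\v1.0\\powershell.exe"},
]

def base(image):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(image).lower()

def ancestry(event, by_pid):
    """Yield parent events, nearest first, guarding against PID loops."""
    seen = {event["pid"]}
    parent = by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:
        seen.add(parent["pid"])
        yield parent
        parent = by_pid.get(parent["ppid"])

def find_ahk_script_chains(events):
    """Return lineages (AutoHotkey first) that end in a script host process."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if base(e["image"]) not in SCRIPT_HOSTS:
            continue
        chain = [e]
        for parent in ancestry(e, by_pid):
            chain.append(parent)
            if base(parent["image"]).startswith(AHK_PREFIXES):
                hits.append([base(x["image"]) for x in reversed(chain)])
                break
    return hits

if __name__ == "__main__":
    for lineage in find_ahk_script_chains(SAMPLE_EVENTS):
        print(" -> ".join(lineage))
```

Compiled AutoHotkey scripts can carry arbitrary file names, so image-name matching alone will miss them; pair this with file metadata or signature checks where available.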
“Since HotRat is run with admin privileges, it is very easy for attackers to make changes in security,” noted Avast. The malware has been observed to evade or bypass most antivirus software, including Avira, Windows Defender, AVG, Malwarebytes, and McAfee.
HotRat, described as a comprehensive RAT, has been designed with additional capabilities, including stealthily extracting sensitive information and credentials as well as deploying other malware. The researchers identified 20 new commands with capabilities to execute .NET payloads sent from C2 (Command and Control) servers. This functionality allows the hackers behind the campaign to execute, change or add commands as desired.
The researchers noted that the malware has been more prevalent since the middle of October 2022, with the majority of infestations occurring in South Asia, East Europe, North America, and African regions.
“Despite the known dangers, [..] irresistible temptation to acquire high-quality software at no cost persists, leading many people to download illegal software. [..] The spread of this malware happens through public repositories, with links being disseminated on social networks and forums,” noted the researchers.
It is imperative that users avoid dubious websites offering free software downloads and update their system security solutions to safeguard against malware infestations.