Hotrat

Malware updated a month ago (2024-11-29T14:17:20.742Z)
HotRat is a Remote Access Trojan (RAT) that Avast researchers have identified as a .NET reimplementation of AsyncRat. This new strain comes with nearly 20 commands, each capable of executing a .NET module retrieved from a remote server, which allows the threat actors to extend its features as needed.

HotRat is being distributed worldwide through free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. The infection chain typically begins with cracked software, available online via torrent sites, that is bundled with a malicious AutoHotkey script. The script installs the malware on the compromised system while weakening system security by disabling the Consent Admin and altering Windows Defender settings. The process is designed to deactivate antivirus solutions on the compromised host and ultimately launches the HotRat payload using a Visual Basic Script loader.

Once installed, HotRat's capabilities include stealing login credentials and cryptocurrency wallets, capturing screenshots of user activity, keylogging, installing more malware, and accessing or altering clipboard data. It can effectively turn off antivirus software to avoid detection and removal. This makes HotRat a significant cybersecurity threat, likened to an uninvited guest who crashes your party, consumes all your resources, and then steals your valuable assets.

Given its wide distribution and multifaceted capabilities, users are advised to be cautious about downloading suspicious or pirated software to prevent HotRat infection.
As of my knowledge cutoff in September 2021, there's no evidence to suggest that HotRat can directly infect WiFi networks; however, once a device connected to a network is compromised, other devices on the same network could potentially be at risk.
Description last updated: 2024-05-04T20:01:04.726Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Malware
Trojan