Hotrat

Malware updated 4 months ago (2024-05-04T20:18:29.105Z)

Download STIX

Preview STIX

HotRat is a potent malware that has been identified by Avast researchers as a .NET reimplementation of AsyncRat. This new strain of Remote Access Trojan (RAT) comes with nearly 20 commands, each capable of executing a .NET module retrieved from a remote server. This allows the threat actors to extend its features as needed. HotRat is being distributed worldwide through free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. The malware uses a malicious AutoHotkey script to install itself on a compromised system, simultaneously weakening system security by disabling the Consent Admin and altering Windows Defender settings. Once infiltrated, HotRat has an array of capabilities including stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and gaining access to or altering clipboard data. It can effectively turn off antivirus software to avoid detection and removal. In addition to stealing personal information, it can take screenshots of user activities and invite additional malware onto the infected system. This makes HotRat a significant cybersecurity threat, likened to an uninvited guest who crashes your party, consumes all your resources, and then steals your valuable assets. The infection chain typically begins with the bundling of cracked software available online via torrent sites with a malicious AutoHotkey script. This initiates a process designed to deactivate antivirus solutions on the compromised host and ultimately launch the HotRat payload using a Visual Basic Script loader. Given its wide distribution and multifaceted capabilities, users are advised to be cautious about downloading suspicious or pirated software to prevent HotRat infection. As of my knowledge cutoff in September 2021, there's no evidence to suggest that HotRat can directly infect WiFi networks; however, once a device connected to a network is compromised, other devices on the same network could potentially be at risk.

Description last updated: 2024-05-04T20:01:04.726Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Windows

Malware

Trojan

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Hotrat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Cyber threat risks reach three-year high – Avast
CERT-EU	a year ago	HotRat malware has wideranging capabilities
CERT-EU	a year ago	HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software
CERT-EU	a year ago	HotRat Trojan Removal Guide [Fix]
CERT-EU	a year ago	Hackers Deliver HotRat as Hidden Scripts in cracked software
CERT-EU	a year ago	Hackers Deliver HotRat as Hidden Scripts in cracked software \| IT Security News
CERT-EU	a year ago	Unmasking HotRat: The hidden dangers in your software downloads