HotRat Malware Spreads Through Fake Software Cracks

A new variant of the AsyncRAT malware, named HotRat, is circulating through unauthorized copies of popular software and utilities, including video games, image and sound editing tools, and Microsoft Office.

Security researchers report that the malware gives attackers a wide range of capabilities: stealing login credentials and cryptocurrency wallets, capturing screenshots, logging keystrokes, installing additional malicious software, and accessing or tampering with clipboard data.

According to the findings of a Czech cybersecurity firm, HotRat has been active in the wild since at least October 2022. The bulk of infections are concentrated in countries including Thailand, Guyana, Libya, Suriname, Mali, Pakistan, Cambodia, South Africa, and India.

HotRat Comes Bundled With Pirated Software

The attacks bundle cracked software, readily available on torrent websites, with a malicious AutoHotkey (AHK) script. The script starts an infection chain aimed at neutralizing antivirus solutions on the targeted system, and the chain ends with a Visual Basic Script loader executing the HotRat payload.

HotRat, often described as a comprehensive RAT (Remote Access Trojan), supports nearly 20 commands. Each command triggers a .NET module fetched from a remote server, which lets the actors behind the campaign extend the malware's functionality as needed.

However, the attack requires administrative privileges to achieve its objectives. This highlights the importance of maintaining strict security measures and staying vigilant against such threats.
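A defender can hunt for the chain described above (an AutoHotkey script leading to a Visual Basic Script loader, run with administrative rights) in process-creation telemetry. The following is an added example, not code from the researchers or from the malware; the event fields, paths and file names are constructed for illustration, and the function name is hypothetical.

```python
import ntpath

# AutoHotkey v1 interpreter names; a compiled .ahk script can carry any name,
# so the command line is checked for a .ahk argument as well.
AHK_NAMES = {"autohotkey.exe", "autohotkeyu64.exe", "autohotkeyu32.exe", "autohotkeya32.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed process-creation events (not taken from HotRat samples).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 10, "elevated": True,
     "image": r"C:\Users\demo\Downloads\crack\setup.exe", "cmdline": "setup.exe"},
    {"pid": 200, "ppid": 100, "elevated": True,
     "image": r"C:\Users\demo\AppData\Local\Temp\AutoHotkey.exe", "cmdline": "AutoHotkey.exe run.ahk"},
    {"pid": 300, "ppid": 200, "elevated": True,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c stage.bat"},
    {"pid": 400, "ppid": 300, "elevated": True,
     "image": r"C:\Windows\System32\wscript.exe", "cmdline": "wscript.exe loader.vbs"},
    {"pid": 500, "ppid": 50, "elevated": False,  # benign: logon script, no AHK ancestor
     "image": r"C:\Windows\System32\wscript.exe", "cmdline": "wscript.exe logon.vbs"},
    {"pid": 600, "ppid": 50, "elevated": False,  # benign: AHK hotkeys, no script-host child
     "image": r"C:\Program Files\AutoHotkey\AutoHotkey.exe", "cmdline": "AutoHotkey.exe keys.ahk"},
]

def _name(path):
    return ntpath.basename(path).lower()

def is_ahk(ev):
    return _name(ev["image"]) in AHK_NAMES or ".ahk" in ev["cmdline"].lower()

def is_vbs_host(ev):
    return _name(ev["image"]) in SCRIPT_HOSTS and ".vbs" in ev["cmdline"].lower()

def find_ahk_to_vbs_chains(events):
    """Return one finding per VBS script-host process that has an AutoHotkey ancestor."""
    by_pid = {ev["pid"]: ev for ev in events}  # assumes no PID reuse in the window
    findings = []
    for ev in events:
        if not is_vbs_host(ev):
            continue
        seen, cur = set(), by_pid.get(ev["ppid"])
        while cur and cur["pid"] not in seen:  # walk up, guarding against loops
            seen.add(cur["pid"])
            if is_ahk(cur):
                # The page notes the attack needs admin rights: elevated chains rank higher.
                findings.append({"ahk_pid": cur["pid"], "vbs_pid": ev["pid"],
                                 "severity": "high" if ev["elevated"] else "medium"})
                break
            cur = by_pid.get(cur["ppid"])
    return findings

if __name__ == "__main__":
    for f in find_ahk_to_vbs_chains(SAMPLE_EVENTS):
        print(f)
```

On the constructed events, only the elevated `wscript.exe` process descending from the AutoHotkey interpreter is reported; the standalone logon script and the standalone hotkey script are not.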

July 24, 2023