Researchers Spot A New Malware Strain…. It’s Called Borat


Security researchers at Cyble have spotted a new malware strain in the wild, dubbed Borat. Yes, as in the movie character. This malware includes features such as DDoS attacks, UAC bypass, ransomware deployment and much more. It is available on darknet markets and lets threat actors choose their compilation options to build small payloads that contain exactly the features they need for their use case.

Saryu Nayyar, CEO and Founder, Gurucul, had this comment:

“Once again we see a variation of an existing attack put together as a new toolkit that uses various tactics and techniques to get their malware or ransomware to evade existing security controls. It also shows that misusing privileged access controls is an emerging trend where identity monitoring and analytics is critical for emerging and modern security operations teams to combat compromised credentials and abuse of identity. However, the overall campaign shows the need for advanced analytics that leverage non-rule-based machine learning (ML) that can adapt to new threats and emerging variants, similar to this attack. Current XDR and SIEM solutions are mostly rule-based Artificial Intelligence and ML are unable to detect unknown, newer and emerging attacks without relying on updated models from vendors. We know that vendors are slow to disclose an attack let alone provide meaningful patches or updates in time to protect organizations. A change is needed to stay ahead of attackers.”


The threat actors behind this are clearly pretty crafty, which is bad news for everyone else. Hopefully, now that this has been exposed, defences can be built to stop this malware from becoming a huge problem.

UPDATE: I have additional commentary. First, from Rob Shaughnessy, VP, Federal for GRIMM:

“The recently disclosed malware variant being called BORAT RAT, named and initially reported by security research firm Cyble, Inc., appears to be a multi-purpose malware platform including remote access tools, spyware including platform accessory access, and the ability to crypto lock content and provide customizable ransom messaging. Although the individual elements of BORAT do not seem particularly novel, the availability of a prepackaged suite of malicious tools with integrated management and control capabilities is an emerging trend. The past few months have seen an acceleration in widespread reels of malware tools and techniques globally. We are likely to see more prepackaged malware sets like BORAT in the near future as more and more individuals and organizations take advantage of the wealth of malicious software now available for profit.”

Next I have commentary from Chris Olson, CEO, The Media Trust:

“Borat is a trojan built to order and sold through an organized campaign which exposes the role that darknet markets play in cybercrime today. They are one of many reasons we are seeing a rise in Web and Java-based malware with sophisticated features like polymorphic and obfuscated code, rapid URL shifting and more. It takes little expertise for attackers to target consumers and organizations through digital surfaces – only the money and inclination to acquire the right code from malicious actors who design it for a living.”
