
HotRat: New advanced variant of AsyncRAT malware targets users through pirated software


Cybersecurity researchers from Avast have recently discovered a new variant of the notorious AsyncRAT malware, dubbed “HotRat,” spreading rapidly through the distribution of pirated software. The malware poses a significant threat to users, as it comes equipped with a wide range of capabilities, enabling attackers to steal login credentials and cryptocurrency wallets, capture screens, log keystrokes, install additional malware, and gain unauthorized access to or modify clipboard data.

Martin a Milánek, a security researcher at Avast, emphasized the severity of the threat posed by HotRat. He stated, “HotRat malware equips attackers with a wide array of capabilities, such as stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and gaining access to or altering clipboard data.”

The malware campaign has been observed in the wild since at least October 2022, with the majority of infections concentrated in several countries, including Thailand, Guyana, Libya, Suriname, Mali, Pakistan, Cambodia, South Africa, and India.

According to Avast’s findings, the attackers distribute HotRat through pirated versions of popular software and utilities, including video games, image and sound editing software, and Microsoft Office. The malicious actors bundle the cracked software available on torrent sites with a harmful AutoHotkey (AHK) script, initiating an infection chain designed to disable antivirus solutions on the compromised system. This enables them to execute the HotRat payload using a Visual Basic Script loader. The comprehensive Remote Access Trojan (RAT) malware provides cybercriminals with nearly 20 commands, each executing a .NET module retrieved from a remote server, allowing them to customize and extend its features as required.

The HotRat attack requires administrative privileges on the targeted system to successfully execute its malicious activities. This underscores the importance of limiting user privileges and implementing robust security measures.
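A defender can hunt for the chain described above (an AutoHotkey script that ends in an elevated Visual Basic Script loader) by walking process ancestry in process-creation telemetry. The following is an added example, not code from Avast or from the original article; the event fields, paths, PIDs and file names are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Constructed process-creation events (shaped like Sysmon Event ID 1 / EDR telemetry).
# Every path, PID and file name below is made up for illustration.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "elevated": False},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\u\Downloads\setup\AutoHotkey.exe", "elevated": True},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "elevated": True},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\wscript.exe", "elevated": True},
    # Benign look-alikes: a non-elevated logon script and a standalone hotkey script.
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe", "elevated": False},
    {"pid": 400, "ppid": 100, "image": r"C:\Program Files\AutoHotkey\AutoHotkey.exe", "elevated": False},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host binaries that run .vbs


def _name(image):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(image).name.lower()


def find_ahk_to_vbs_chains(events):
    """Return PID chains (ancestor first) where an AutoHotkey process is an
    ancestor of an elevated Windows Script Host process."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if _name(e["image"]) not in SCRIPT_HOSTS or not e["elevated"]:
            continue
        chain, seen = [e], {e["pid"]}
        cur = by_pid.get(e["ppid"])
        while cur and cur["pid"] not in seen:  # 'seen' guards against PID loops
            chain.append(cur)
            seen.add(cur["pid"])
            if _name(cur["image"]).startswith("autohotkey"):
                hits.append([p["pid"] for p in reversed(chain)])
                break
            cur = by_pid.get(cur["ppid"])
    return hits


if __name__ == "__main__":
    for chain in find_ahk_to_vbs_chains(EVENTS):
        print("AutoHotkey -> elevated script host, PIDs:", chain)
```

The check keys on the interpreter's image name, so a renamed AutoHotkey binary would need a different signal, such as file metadata or a hash allowlist.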

Milánek further highlighted the role of pirated software in propagating the malware. “Despite the substantial risks involved, the irresistible temptation to acquire high-quality software at no cost persists, leading many people to download illegal software,” he stated. “Therefore, distributing such software remains an effective method for widely spreading malware.”

The cybersecurity community advises users to remain vigilant when downloading software from unofficial sources, especially cracked versions available on torrent sites. Keeping all software and applications updated, maintaining strong and unique passwords, and using reputable security software can significantly reduce the risk of falling victim to such malware attacks. urges users to refrain from engaging in software piracy and to support legitimate software developers and publishers to combat the spread of malware like HotRat. By staying informed and cautious, users can help protect themselves and others from falling prey to these malicious cyber threats.
