Borat RAT emerges as triple threat to cyber organizations

April 4, 2022

The Borat remote access trojan (RAT) can deliver a payload of spyware, ransomware or perform a DDoS attack according to Cyble researchers. Pictured: Comedian/actor Sacha Baron Cohen arrives at the premiere of "Borat: Cultural Learnings Of America" held at the Grauman's Chinese Theatre on Oct. 23, 2006, in Hollywood, Calif. (Photo by David Livingston/Getty Images)

Researchers late last week found a new remote access trojan (RAT) called Borat that unlike most other RATs, can execute ransomware and DDoS attacks.

Named after the popular movies starring Sacha Baron Cohen, Cyble researchers said in a blog post that the Borat RAT has an option to deliver a ransomware payload to the victim’s machine to encrypt users’ files as well as to demand a ransom.

The researchers said like other ransomware, Borat also can create a ransom note on the victim’s machine. Borat can also disrupt the normal traffic of a targeted server by performing a DDoS attack.

The Borat RAT presents itself as a new distinctive triple threat combining ransomware, spyware and DDoS attacks, said Chuck Everette, director of cybersecurity advocacy at Deep Instinct.

Everette said while RATs are common, Borat seems a bit more like a combination of potent utility tools for cyberattacks. It also adds several additional tools and utilities such as stealing, Discord tokens, taking control of Windows operating systems, using and capturing users' microphones and cameras, blanking the screen, moving or hiding taskbar and desktop.

“New threats, such as the Borat RAT shows the creativity and sophistication of cyber threats,” Everette said. “Unfortunately, threat actors are pushing out more ‘easy to use’ tools to engage with common criminals and expand their footprint. We can expect more of these hacker tool kits in the future. The good news is that the initial attack and entry point basically has not changed, so a good AI security solution like deep learning will identify and prevent these threats.”

Jack Mannino, CEO at nVisium, added that ransomware and DDoS attacks are a constant threat for organizations and attackers can exploit security bugs and flaws within software to amplify these attacks. Mannino said as these attacks are highly effective and can often be launched at a relatively low cost, DDoS threats will continue as a persistent, real risk for today’s digital organizations.

“Organizations can prepare themselves by performing security and quality testing of their software to ensure failures or functions that consume excessive resources cannot be abused to overwhelm any of their systems,” Mannino said.