Avast experts have warned that a new variant of the AsyncRAT malware, called HotRat, is being distributed through pirated versions of popular programs and utilities, including games, Microsoft Office, and audio and image editing software. It is not the only malware spread through an unusual channel. We recently covered the IcedID and Gozi trojans spreading through malvertising. Additionally, hackers have started distributing a trojanized TeamViewer installer that contains the njRAT trojan.
The original AsyncRAT (Remote Access Trojan) is designed to remotely monitor and control infected computers over a secure encrypted connection. Its “successor”, HotRat, has been active since at least October 2022, with most infections concentrated in Thailand, Guyana, Libya, Suriname, Mali, Pakistan, Cambodia, South Africa and India.
HotRat spreads by bundling a malicious AutoHotkey script with various cracked software, which is usually available on torrent trackers. The script starts the infection chain: it is designed to disable antivirus software on the compromised host and to launch the HotRat payload via a Visual Basic Script loader.
Experts describe HotRat as a comprehensive RAT that supports nearly 20 commands. Each command executes a .NET module received from a remote server, which lets the malware operators extend its functionality as needed.
The media also reported that the QBot trojan can steal information from the emails of users of infected systems.