Trojan HotRat Is Distributed through Pirated Versions of Software and Games


Avast experts have warned that a new variant of AsyncRAT malware, called HotRat, is distributed through pirated versions of popular programs and utilities. This includes games, Microsoft Office, and audio and image editing software. That is not the only malware activated via an unusual spreading channel. We recently covered the IcedID and Gozi trojans spreading through malvertising. Additionally, hackers started spreading a trojanized TeamViewer installer that contains the njRAT trojan.

The original AsyncRAT (Remote Access Trojan) is designed to remotely monitor and control infected computers over a secure encrypted connection. Its “successor”, HotRat, has been active since at least October 2022, with most infections concentrated in Thailand, Guyana, Libya, Suriname, Mali, Pakistan, Cambodia, South Africa and India.

“HotRat malware provides attackers with a wide range of options, including stealing credentials, cryptocurrency wallet information, screen capture, keylogging, installing additional malware, and accessing and modifying clipboard data,” the experts write.

HotRat spreads by combining a malicious AutoHotkey script with various hacked software, which is usually available on torrent trackers. The script initiates the chain of infection and is designed to deactivate antiviruses on a compromised host, as well as launch the HotRat payload using the Visual Basic script loader.

Figure: HotRat attack scheme
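
As an added example (not Avast's or this article's code), one way to hunt for the chain described above in process-creation telemetry is to flag a Windows script host running a .vbs file that has an AutoHotkey interpreter among its ancestors. The event fields, paths and PIDs are constructed, and matching on the interpreter's file name is an assumption that misses compiled AutoHotkey scripts with arbitrary names.

```python
# Added example: flag process chains where an AutoHotkey interpreter is an
# ancestor of a Windows script host (wscript/cscript) running a .vbs file.
# All events below are constructed sample data, not real HotRat telemetry.
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

def basename(image):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(image).name.lower()

def ancestors(event, by_pid, max_depth=8):
    """Yield parent events, nearest first; the cap and 'seen' set stop PID loops."""
    seen = {event["pid"]}
    cur = by_pid.get(event["ppid"])
    while cur is not None and cur["pid"] not in seen and max_depth > 0:
        yield cur
        seen.add(cur["pid"])
        cur = by_pid.get(cur["ppid"])
        max_depth -= 1

def find_ahk_to_vbs_chains(events):
    """Return (autohotkey_event, script_host_event) pairs for each flagged chain."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if basename(e["image"]) in SCRIPT_HOSTS and ".vbs" in e["cmdline"].lower():
            for parent in ancestors(e, by_pid):
                # Assumption: the interpreter keeps an "AutoHotkey*" file name.
                if basename(parent["image"]).startswith("autohotkey"):
                    hits.append((parent, e))
                    break
    return hits

# Constructed sample events (hypothetical paths and PIDs).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\u\Downloads\app\setup.exe", "cmdline": "setup.exe"},
    {"pid": 210, "ppid": 200, "image": r"C:\Users\u\AppData\Local\Temp\AutoHotkey.exe", "cmdline": r"AutoHotkey.exe run.ahk"},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\cmd.exe", "cmdline": r"cmd.exe /c wscript.exe loader.vbs"},
    {"pid": 230, "ppid": 220, "image": r"C:\Windows\System32\wscript.exe", "cmdline": r"wscript.exe C:\Users\u\AppData\Local\Temp\loader.vbs"},
    # Benign: logon script started from explorer, no AutoHotkey ancestor.
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\cscript.exe", "cmdline": r"cscript.exe //nologo C:\Scripts\logon.vbs"},
]

if __name__ == "__main__":
    for ahk, host in find_ahk_to_vbs_chains(SAMPLE_EVENTS):
        print(f"ALERT: {basename(ahk['image'])} (pid {ahk['pid']}) -> {host['cmdline']}")
```

The lookup keys on PID alone, so on real telemetry it should be scoped per host and per time window to avoid PID reuse collisions.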

Experts describe HotRat as a comprehensive RAT that supports nearly 20 commands, each of which executes a .NET module received from a remote server, which allows malware operators to extend its functionality as needed.

“Despite the significant risks, the irresistible temptation to get quality software for free remains, which forces many people to download illegal software. Therefore, such software is still an effective method for the widespread distribution of malware,” the researchers conclude.

The media also wrote that the QBot Trojan can steal information from emails of users of infected systems.

By Vladimir Krasnogolovy

