Cyble, an Atlanta-based cyber risk intelligence firm, has discovered a new Remote Access Trojan (RAT). So what distinguishes this Borat RAT malware enough for it to be named after Sacha Baron Cohen’s comic creation?

What are Remote Access Trojans (Borat RAT)?

RAT malware typically gives cybercriminals complete control over a victim’s system: access to network resources and files, plus control of the mouse and keyboard. Borat RAT goes beyond these standard features by letting threat actors launch ransomware and DDoS attacks as well. It also widens the pool of threat actors capable of launching attacks, since it lowers the skill required to do so. The added ability to launch DDoS attacks makes it more insidious and dangerous to today’s digital organizations.

Ransomware has been the most common attack type for over three years. According to IBM, REvil was the most common ransomware strain, accounting for approximately 37% of all ransomware attacks. Borat RAT is a one-of-a-kind and potent malware that combines RAT, spyware, and ransomware capabilities.

What Makes Borat RAT a Triple Whammy?

The Borat RAT gives malicious hackers a platform for conducting RAT malware activities and for compiling a malware binary that carries out DDoS and ransomware attacks from the victim’s machine. The RAT also contains code for launching a DDoS attack, which slows the targeted service’s responses to legitimate users and can even take the site offline.

Surprisingly, Borat RAT can deliver a ransomware payload to the victim’s machine, encrypting users’ files and demanding a ransom.

The package also includes a keylogger executable, which records keystrokes and saves them to a .txt file for later exfiltration.

Other features of the Borat RAT malware, fun or not so fun, include:

  • A reverse proxy that keeps the hacker hidden
  • The ability to steal browser credentials or Discord tokens
  • The ability to inject malicious code into legitimate processes

Borat RAT also performs the following actions to annoy or scare its victims:

  • Turning the monitor on and off
  • Hiding or showing desktop elements such as the Start button and taskbar
  • Playing unwanted audio
  • Turning the webcam light on and off

If a microphone is connected to the system, the Borat RAT malware records audio from the computer and saves it to a separate file called “micaudio.wav.”

Similarly, if a webcam is discovered on the system, the malware can begin recording from it.

Should Businesses Create a Strong Response Strategy?

The remote desktop function included in the Borat RAT malware can wreak havoc on your business by allowing the threat actor to delete critical information and intellectual property, grab the operating system version and machine model, and steal cookies and saved login credentials. As a result, businesses must watch out for this threat and prepare for such attacks.

Recommendations for Improving Security

Let’s take a look at the recommendations listed below to protect your networks from cyberattacks:

  • Examine the use of remote administration tools for industrial network applications and systems. Remove any remote administration software that isn’t required for the industrial process.
  • Set up strong password management and multi-factor authentication.
  • Make use of reputable antivirus software and internet security packages.
  • Include a response strategy for immediately containing the threat.
  • Utilize flash storage solutions and implement appropriate data backup procedures. This will help to ensure operational continuity and reduce infrastructure costs.
  • Keep important files away from common locations such as Desktop and My Documents.
  • Use an email security software solution to classify and filter malicious emails. Employees can also benefit from regular training sessions to become more aware of potential threats.
  • Refine and optimize your vulnerability management system. This will assist your organization in prioritizing the most critical vulnerabilities.

Organizations must empower their employees to understand the current threat landscape better. Investing in the right technologies and developing robust verification measures can ensure that the right people have access to the correct information. In today’s fast-paced digital world, resolving incidents quickly and efficiently is critical.


Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.


About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.
