iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Security researchers have uncovered a new malware campaign built around free and cracked versions of popular games and software suites.
While the software and games seem relatively legitimate – except for the illegally pirated part, of course – they all have one more malicious thing in common.
They’re hosting a remote access Trojan that researchers at Avast have dubbed HotRat, which is capable of a range of malicious actions, from taking screenshots, killing specific processes, and disabling any installed anti-virus measures on infected machines.
What makes HotRat’s distribution method so effective is that to install a lot of cracked software, admin rights are required. So when a victim sees their shiny new software make such a request, they are more likely to grant it, setting off an infection chain that eventually sees the RAT installed and readily talking to the threat actor’s command and control infrastructure.
The cracked software is also installed, leaving the victim unaware they have just hijacked their own machine.
“Imagine HotRat as that uninvited guest who crashes your party, eats all your snacks, and then steals your wallet,” said Avast’s security evangelist Luis Corrons in a blog post. “Not cool, right? Once it sneaks into your computer, HotRat can swipe your personal info, snap screenshots of what you’re up to, and even invite more unwanted guests (read: more malware) over.”
“The worst part? You might not even know it’s there.”
HotRat has been in circulation since at least October 2022 and has been steady in its spread since then. The most affected countries are in Africa and Asia, though currently, its reach is relatively global – everyone loves free software, apparently, but it’s poorer countries that are more impacted.
Interestingly, according to Avast’s heatmap of the RAT’s distribution, Russia – among a number of other countries – seems unaffected.
The list of infected programs is large, but here’s an indicative sample of the kind of software being used to spread the Trojan.
“So, that free version of Adobe Photoshop or the latest video game you just downloaded could be a Trojan horse for HotRat,” Corrons concluded, “among a multitude of other potential security vulnerabilities”.
Just remember, if it’s too good to be true, it usually isn’t good at all – especially when it comes to cyber security.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
