A new Trojan known as BitRAT is affecting users' computers. It is spreading disguised as a Windows Activator tool and compromises the victim's Windows OS.
Threat actors are passing BitRAT off as a Windows Activator tool. People who run it do not know that it is Trojan malware that affects their Windows OS and gives remote access to hackers and attackers.
BitRAT is a powerful remote access Trojan sold on darkweb markets and cybercrime forums, with lifetime access for as low as $20.
Threat actors who buy the Trojan distribute this Windows Activator tool through the website and share it on social platforms.
Targeting pirates with Trojan malware
Researchers at AhnLab discovered the BitRAT distribution: threat actors are distributing the Trojan as a Windows 10 Pro license activator on Webhards.
Webhards are online storage services popular in South Korea that have a steady influx of visitors, who post direct download links that are then shared on social media platforms.
Because these online storage services are so widely used, the BitRAT threat is more common among threat actors who distribute Trojan malware using Webhards.
The threat actor behind the new BitRAT campaign appears to be Korean, based on some of the Korean characters in the code snippets of the BitRAT malware and the manner of its distribution.
In this campaign, the malicious file promoted as a Windows 10 activator is named ‘W10DigitalActiviation.exe’ and features a simple GUI with a button to “Activate Windows 10.”
But instead of activating a Windows license on the host system, the activator downloads BitRAT from a hardcoded command and control server operated by the attackers.
The fetched BitRAT payload is installed in %Temp% as ‘Software_Reporter_Tool.exe’ and added to the startup folder.
The downloader also adds exclusions to Windows Defender to ensure that BitRAT won’t be detected.
Once the installation process is complete, the downloader deletes itself from the system, leaving behind only BitRAT.
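The artifacts described above (the %Temp% payload name, the startup-folder entry and the Defender exclusions) can be checked on a Windows host with a read-only PowerShell triage script. This is an added example, not code from AhnLab or the original article; the matching rules, and the choice to list every Defender exclusion for review, are assumptions, since the article does not say which exclusions the downloader adds.

```powershell
# Added triage example (not from the original article). Read-only: it reports, it removes nothing.
# The payload file name comes from the article; the matching heuristics are assumptions.
$payloadName = 'Software_Reporter_Tool.exe'
$tempDir     = [IO.Path]::GetFullPath($env:TEMP).TrimEnd('\')
$findings    = [System.Collections.Generic.List[object]]::new()

function Add-Finding($Check, $Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}

# 1. Payload dropped in the current user's %TEMP% under the name given in the article.
$payload = Join-Path $tempDir $payloadName
if (Test-Path -LiteralPath $payload) {
    $hash = (Get-FileHash -LiteralPath $payload -Algorithm SHA256).Hash
    Add-Finding 'TempPayload' "$payload SHA256=$hash"
}

# 2. Per-user and all-users Startup folders: flag entries that carry the payload
#    name or whose target (after resolving .lnk shortcuts) lives under %TEMP%.
$shell       = New-Object -ComObject WScript.Shell
$tempPattern = [WildcardPattern]::Escape($tempDir) + '\*'
$startupDirs = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
foreach ($item in Get-ChildItem -LiteralPath $startupDirs -File -Force -ErrorAction SilentlyContinue) {
    $target = if ($item.Extension -eq '.lnk') {
        $shell.CreateShortcut($item.FullName).TargetPath
    } else { $item.FullName }
    if ($item.Name -eq $payloadName -or $target -like "*\$payloadName" -or $target -like $tempPattern) {
        Add-Finding 'StartupEntry' "$($item.FullName) -> $target"
    }
}

# 3. Windows Defender exclusions. The article does not say which ones are added,
#    so every configured exclusion is listed for manual review.
try {
    $pref = Get-MpPreference -ErrorAction Stop
    $excl = @($pref.ExclusionPath) + @($pref.ExclusionProcess) + @($pref.ExclusionExtension) |
        Where-Object { $_ }
    foreach ($e in $excl) { Add-Finding 'DefenderExclusion' $e }
} catch {
    Add-Finding 'DefenderExclusion' "could not query: $($_.Exception.Message)"
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No artifacts from the article found for this user.' }
```

Run it from an elevated session so Defender returns the real exclusion list, and once per user profile, because %TEMP% and the per-user Startup folder differ between accounts.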
A Versatile RAT Malware Trojan
BitRAT is a powerful, inexpensive, and versatile malware that can steal a wide range of valuable information from the host, perform DDoS attacks, bypass UAC, etc.
BitRAT supports generic keylogging, clipboard monitoring, audio recording, webcam access, credential theft from web browsers, and XMRig coin mining functionality.
In addition, BitRAT offers remote control for Windows systems, reverse proxy through SOCKS4 and SOCKS5 (UDP), and hidden virtual network computing (hVNC).
On that front, ASEC’s analysts have found strong code similarities with TinyNuke, and its derivative, AveMaria (Warzone).
The hidden desktop feature on these RATs is so valuable that some hacking groups, like Kimsuky, incorporated them in their arsenal just to use the hVNC tool.
Risk of Using Pirated Software or Licenses
If you are a user who wants to activate Windows or any other digital product for free, using pirated software is always a security gamble.
The more tools you use to activate illegally obtained copies of software or to crack their intellectual property protection systems, the greater the chances of ending up with a nasty malware infection in Windows OS.
So be careful if you use pirated software, because it can harm your computer and even the data on it.
Source: Bleeping Computer