1 min read

BitRAT Malware Seen Spreading Through Unofficial Microsoft Windows Activators

Vlad CONSTANTINESCU

March 22, 2022


BitRAT malware has launched a new campaign targeting people who try to activate pirated versions of Windows operating systems for free through unofficial license activators.

The criminals behind the campaign reportedly distribute the payloads in the guise of Windows 10 Pro license activators and push them on webhards, online storage services popular in South Korea.

Webhards are frequently used to create direct download links, which are then posted on communication platforms such as Discord and various social media services. Due to their widespread use and versatility, they have slowly become one of the most pervasive malware distribution channels among hackers.

In the newly discovered campaign, the malicious file, named W10DigitalActiviation.exe, mimics a simple, one-button unofficial Windows 10 activator. Upon pressing the faux “Activate Windows 10” button, victims trigger the download of the BitRAT payload, which is then deployed to %TEMP% as Software_Reporter_Tool.exe, configured to run at startup and excluded from Windows Defender’s detection mechanisms.

After the downloader performs the operations above, it deletes itself from the infected computer in an attempt to wipe its tracks.
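The behaviour chain described above (an executable dropped into %TEMP%, a Windows Defender exclusion covering it, then deletion of the downloader) can be correlated in endpoint telemetry. The following is an added example, not code from the original article; the event schema, field names, time window and sample events are constructed assumptions.

```python
import re
from collections import defaultdict

WINDOW = 300  # seconds; assumed correlation window
TEMP_EXE = re.compile(r"\\appdata\\local\\temp\\[^\\]+\.exe$", re.I)

# Constructed sample events (not real telemetry); the schema is hypothetical.
DROPPER = r"C:\Users\a\Downloads\W10DigitalActiviation.exe"
PAYLOAD = r"C:\Users\a\AppData\Local\Temp\Software_Reporter_Tool.exe"
EVENTS = [
    {"t": 100, "host": "pc1", "type": "file_create", "actor": DROPPER, "target": PAYLOAD},
    {"t": 104, "host": "pc1", "type": "defender_exclusion", "actor": DROPPER, "target": PAYLOAD},
    {"t": 109, "host": "pc1", "type": "file_delete", "actor": r"C:\Windows\System32\cmd.exe", "target": DROPPER},
    {"t": 50, "host": "pc2", "type": "file_create", "actor": r"C:\Apps\browser.exe", "target": r"C:\Users\b\AppData\Local\Temp\setup.exe"},
    {"t": 60, "host": "pc2", "type": "defender_exclusion", "actor": r"C:\Apps\admin.exe", "target": r"C:\Tools"},
]

def covers(exclusion, path):
    # True when an excluded file or folder covers the given path.
    e, p = exclusion.lower().rstrip("\\"), path.lower()
    return p == e or p.startswith(e + "\\")

def correlate(events, window=WINDOW):
    # Group events per host, then look around each temp-folder executable drop.
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["t"]):
        by_host[ev["host"]].append(ev)
    findings = []
    for host, evs in by_host.items():
        for drop in evs:
            if drop["type"] != "file_create" or not TEMP_EXE.search(drop["target"]):
                continue
            near = [e for e in evs if abs(e["t"] - drop["t"]) <= window]
            stages = ["temp_exe_drop"]
            if any(e["type"] == "defender_exclusion"
                   and covers(e["target"], drop["target"]) for e in near):
                stages.append("defender_exclusion")
            if any(e["type"] == "file_delete"
                   and e["target"].lower() == drop["actor"].lower() for e in near):
                stages.append("dropper_self_delete")
            if len(stages) >= 2:  # a lone temp drop is too common to alert on
                findings.append({"host": host, "payload": drop["target"],
                                 "dropper": drop["actor"], "stages": stages})
    return findings
```

Matching on the behaviour rather than on the file names keeps the rule useful when a campaign renames its downloader or payload.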

Judging from the campaign’s distribution manner and the presence of Korean characters in some of its code snippets, security experts suspect Korean threat actors are behind the operation.

BitRAT is a notorious remote access trojan (RAT) marketed on underground cybercriminal web markets and forums. Its price tag of $20 for lifetime access makes it irresistible to cybercriminals and helps the malicious payload spread.

Furthermore, each buyer’s modus operandi makes BitRAT even harder to stop, considering it can be employed in various operations, such as trojanized software, phishing and watering hole attacks.

BitRAT’s popularity arises from its versatility. The malicious tool can perform a wide range of operations, including data exfiltration, UAC bypass, DDoS attacks, clipboard monitoring, gaining unauthorized webcam access, credential theft, audio recording, XMRig coin mining and generic keylogging.
