Wednesday, February 8, 2023

BitRAT Spreads as Windows Activator

Users hunting for unauthorised Windows licence activators are being actively targeted by a BitRAT malware operation. These licence activators are designed to activate pirated copies of the Windows operating system.

Fake activators are being used

Researchers from AhnLab found a phishing attempt spreading Windows 10 Pro licence activators via webhard. In reality, these activators are malicious and carry the BitRAT malware.

W10DigitalActiviation.exe is a malicious programme that masquerades as a Windows 10 activator and has a simple GUI with a button to activate Windows 10. Instead of activating Windows, clicking the button downloads malware from the C2 server.

Once the malware is installed, the downloader is removed from the infected PC, leaving only BitRAT.

Threat actors in the campaign appear to be based in South Korea. This conclusion was reached based on the distribution mechanism and the presence of particular Korean characters in the code samples.

A brief description of BitRAT

BitRAT is marketed as a powerful, adaptable, and low-cost piece of malware that can steal sensitive data from the host computer. The RAT can also carry out DDoS attacks and bypass UAC.

BitRAT has a number of functions, including keylogging, audio recording, clipboard monitoring, credential theft from web browsers, camera access, XMRig currency mining, and more.

It also has hidden virtual network computing (hVNC), remote control for Windows PCs, and a SOCKS4 and SOCKS5 (UDP) reverse proxy capability.

Links and connections

According to researchers, BitRAT shares considerable code similarities with TinyNuke and AveMaria (Warzone). Threat groups such as Kimsuky have also leveraged the RAT's hidden desktop functionality to employ hVNC tools.

 

Conclusion

Using a pirated operating system is never a good idea, and looking for activators can lead to malware infections like BitRAT. As a result, experts strongly advise against using activator programmes or accessing websites that sell such tools for Windows activation. To be safe from such dangers, always use reputable anti-malware software.

IEMA IEMLabs