Users hunting for unauthorised Windows licence activators are being actively targeted by a BitRAT malware operation. These licence activators are designed to activate pirated copies of the Windows operating system.
Activators that aren’t genuine are being used.
Researchers from AhnLab found a phishing attempt spreading Windows 10 Pro licence activators on webhard. In reality, these activators are dangerous and contaminated with the BitRAT virus.
W10DigitalActiviation.exe is a malicious programme that masquerades as a Windows 10 activator and has a simple GUI with a button to activate Windows 10. Instead of launching Windows, this will download malware from C2.
When the virus is installed, the downloader disappears from the infected PC, leaving just BitRAT.
Threat actors in the campaign appear to be based in South Korea. This conclusion was reached based on the distribution mechanism and the presence of particular Korean characters in the code samples.
A brief description of BitRAT
BitRAT is marketed as a strong, adaptable, and low-cost virus that can steal sensitive data from the host computer. DDoS attacks and UAC bypass are also possible with the RAT.
BitRAT has a number of functions, including keylogging, audio recording, clipboard monitoring, credential theft from web browsers, camera access, XMRig currency mining, and more.
It also has hidden virtual network computing (hVNC), remote control for Windows PCs, and a SOCKS4 and SOCKS5 reverse proxy capability (UDP).
Links and connections
TinyNuke and AveMaria have considerable coding similarities, according to researchers (Warzone). Hacker groups like Kimsuky also leveraged the RAT’s hidden desktop functionality to employ hVNC tools.
Conclusion
Using a pirated operating system is never a good idea, and looking for activators might lead to malware infestations like BitRAT. As a result, experts strongly advise against using activator programmes or accessing websites that sell such tools for Windows activation. To be safe from such dangers, always use reputable anti-malware software.