A cyber risk intelligence company has discovered the new Borat RAT that goes beyond the standard RAT features and enables threat actors to deploy ransomware and DDoS attacks. The added component of carrying out the DDoS attacks makes Borat RAT stealthy and potentially dangerous to modern digital establishments.

About Borat RAT

  • Borat RAT provides malicious hackers with a dashboard that assists in conducting malicious activities and compiling malware for DDoS and ransomware attacks on the victim’s machine.
  • Upon infection, it delivers a ransomware payload to the victim's machine, encrypting their files and demanding a ransom. Additionally, the package includes a keylogger executable file that records keystrokes on victims' computers and saves them in a .txt file.

Attack methodology

The attack begins when an unsuspecting employee from the targeted organization clicks a malicious link or attachment, giving full access to the systems.
  • A malware infection controls the victim's remote desktop, which gives the threat actor control of the victim's computer.
  • By controlling the victim’s machine, attackers are able to delete critical files, execute ransomware, and steal cookies and credentials.
  • The result can be a halt in operations, causing the victim firm to suffer massive financial and physical losses.

Borat’s auxiliary actions

  • Borat RAT has the ability to record computer audio as it first checks to see if the victim's machine has a microphone. If it does, the RAT records all audio and saves it in a file called micaudio.wav.
  • The malware can record videos using any webcam on the victim's machine.
The RAT performs remote activities such as Play Audio, Swap Mouse Buttons, Show/hide the Desktop, Show/hide the taskbar, Hold Mouse, Enable/Disable webcam light, Hang System, Monitor Off, and Blank screen, among others, to disturb the victims.


Borat combines RAT, spyware, and ransomware in one, creating a triple threat for machines infected with it. With the ability to execute DDOS attacks, Borat is an even more dangerous threat. Investing in the right technologies and developing robust verification measures can help organizations equip their employees to mitigate the threat.
Cyware Publisher