HotRat: Hackers Exploit Pirated Software to Spread This New AsyncRAT Variant
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
A new AsyncRAT malware variant named HotRat is being spread through cracked copies of popular system and development tools as well as video games. Once deployed, the malware lets the attacker steal personal and sensitive information from the victim’s machine.
"HotRat malware equips attackers with a wide array of capabilities, such as stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and gaining access to or altering clipboard data," Avast researchers said.
The cracked software sourced online is bundled with a malicious AutoHotkey script, which in turn conceals a PowerShell script that aims to deactivate security solutions, establish persistence on the system, and eventually launch HotRat using a Visual Basic Script (VBS) loader.
"Since HotRat is run with admin privileges, it is very easy for attackers to make changes in security," noted Avast. The malware has been observed to evade or bypass most antivirus software, including Avira, Windows Defender, AVG, Malwarebytes, and McAfee.
HotRat, described as a comprehensive RAT, has been designed with additional capabilities, including stealthily extracting sensitive information and credentials as well as deploying other malware. The researchers identified 20 new commands, including the ability to execute .NET payloads sent from C2 (Command and Control) servers. This functionality allows the hackers behind the campaign to execute, change, or add commands as desired.
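The delivery chain described above (cracked installer, AutoHotkey script, PowerShell stage that tampers with security settings, VBS loader) leaves a recognisable parent-child process pattern. The following is an added detection example, not code from the article or from Avast; it runs over constructed, simplified process-creation records (the field names and sample command lines are assumptions) and flags script hosts that descend from AutoHotkey.

```python
import re

# Constructed sample events in a simplified Sysmon-like shape (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe",   "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "AutoHotkey.exe", "cmd": "AutoHotkey.exe setup.ahk"},
    {"pid": 300, "ppid": 200, "image": "powershell.exe", "cmd": "powershell.exe -File stage.ps1"},
    {"pid": 400, "ppid": 300, "image": "powershell.exe",
     "cmd": "powershell.exe Add-MpPreference -ExclusionPath C:\\Users\\Public"},
    {"pid": 500, "ppid": 300, "image": "wscript.exe",    "cmd": "wscript.exe loader.vbs"},
    # Benign PowerShell launched directly from the shell; must not be flagged.
    {"pid": 600, "ppid": 100, "image": "powershell.exe", "cmd": "powershell.exe Get-Date"},
]

# Command-line markers that indicate changes to Defender settings (assumed indicators).
SECURITY_TAMPER = re.compile(r"MpPreference|Exclusion|DisableRealtimeMonitoring", re.I)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
LOADER_HOSTS = {"wscript.exe", "cscript.exe"}


def ancestry(events_by_pid, pid):
    """Return lowercase image names from the process up to its root (child first)."""
    chain, seen = [], set()
    while pid in events_by_pid and pid not in seen:  # stop on unknown or cyclic parent
        seen.add(pid)
        event = events_by_pid[pid]
        chain.append(event["image"].lower())
        pid = event["ppid"]
    return chain


def find_suspicious_chains(events):
    """Flag script hosts whose ancestry includes AutoHotkey, with the reasons why."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for event in events:
        chain = ancestry(by_pid, event["pid"])
        image = chain[0]
        if image not in SCRIPT_HOSTS or "autohotkey.exe" not in chain[1:]:
            continue
        reasons = ["script host launched under AutoHotkey"]
        if SECURITY_TAMPER.search(event["cmd"]):
            reasons.append("command line modifies security settings")
        if image in LOADER_HOSTS:
            reasons.append("VBS/JS loader stage")
        findings.append({"pid": event["pid"], "chain": " <- ".join(chain), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_chains(SAMPLE_EVENTS):
        print(finding["pid"], finding["chain"], "|", "; ".join(finding["reasons"]))
```

On the sample data this reports pids 300, 400 and 500 and leaves the directly launched PowerShell (pid 600) alone.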
The researchers noted that the malware has been more prevalent since the middle of October 2022, with the majority of infections occurring in South Asia, Eastern Europe, North America, and African regions.
"Despite the known dangers, [..] irresistible temptation to acquire high-quality software at no cost persists, leading many people to download illegal software. [..] The spread of this malware happens through public repositories, with links being disseminated on social networks and forums," noted the researchers.
It is imperative that users avoid dubious websites offering free software downloads and keep their security solutions up to date to safeguard against malware infections.
Beauty Giant Estée Lauder Targeted by BlackCat and Cl0p Ransomware Groups
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
On July 18, Estée Lauder disclosed in a press statement that the company had suffered a cybersecurity attack by an unauthorized third party. However, two ransomware gangs have claimed to have breached the company in separate incidents.
On their dark leak sites, the threat actors Cl0p and ALPHV/BlackCat added the New York-headquartered Estée Lauder’s name to their growing list of victims.
Regardless of their claims, the cosmetics maker confirmed only one attack in its statement, saying that unknown hackers had accessed the company’s network and stolen some data.
Full details of the attack are yet to be known, but on becoming aware of the incident, the company proactively took down the compromised system to prevent further infiltration. It remains to be seen whether the company suffered only a data breach or whether ransomware was also deployed on its network.
The Cl0p ransomware gang claims to have 131GB of the company’s data in its possession. Whether this data came from its MOVEit Transfer supply chain campaign, which affected numerous organizations worldwide, is yet to be confirmed.
Nevertheless, the MAC cosmetics owner confirmed that its investigation with third-party cybersecurity experts is continuing in order to understand the nature and scope of the stolen data. It is also coordinating with law enforcement agencies and has reported the incident in a Securities and Exchange Commission (SEC) filing.
Focused on remediation, Estée Lauder has already deployed measures to secure its network and business operations, including restoring the compromised system and services. "The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations," the statement read.
In 2020, the beauty giant suffered a massive data breach of nearly 440 million records due to an unprotected, exposed database. The database was said to contain email addresses of users of a company-owned education platform.