A new BitRAT campaign is targeting anyone who tries to activate pirated copies of the Windows operating system for free using unauthorized license activators.
According to reports, the crooks behind the operation are disseminating the payloads under the pretext of Windows 10 Pro license activators and distributing them through webhards, which are popular online storage facilities in South Korea.
Internet-based hard discs (webhards) are widely used to generate direct download links, which are subsequently posted on communication platforms such as Discord and different social media sites. Because of their extensive use and adaptability, they have quietly but steadily risen to become one of the most often used malware delivery methods among cybercriminals and hackers.
The malicious software, named W10DigitalActiviation.exe, is used in the newly found campaign to impersonate a straightforward, one-button unauthorized Windows 10 activator. Unsuspecting victims are tricked into clicking on a fake “Activate Windows 10” button, which triggers the download of a malicious BitRAT payload. The payload is then written to the %TEMP% directory as Software Reporter Tool.exe and configured to run while evading Windows Defender’s detection mechanisms.
Following the completion of the aforementioned processes, the downloader attempts to remove itself from the infected machine in an attempt to erase all traces of its presence.
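As an added endpoint triage script (not part of the article and not the campaign's code), the following PowerShell checks a machine for the dropped file name and %TEMP% location described above; the Windows Defender exclusion review is an assumption on my part, since the article does not state how the payload weakens Defender.

```powershell
# Added triage script; not from the article or the campaign's actors.
# Assumptions: the dropped file name and %TEMP% location come from the article.
# The Defender exclusion check is an extra, generic check (the article does not
# say how the payload lowers Defender's protection).
$suspectName = 'Software Reporter Tool.exe'
$tempDir = [System.IO.Path]::GetTempPath()
$findings = @()

# 1. Look for the dropped payload in the current user's %TEMP% directory.
$candidate = Join-Path $tempDir $suspectName
if (Test-Path -LiteralPath $candidate) {
    $f = Get-Item -LiteralPath $candidate
    $hash = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Check  = 'DroppedFile'
        Detail = "$candidate ($($f.Length) bytes, SHA256 $hash)"
    }
}

# 2. Look for running processes using that image name outside Program Files.
Get-Process | Where-Object {
    $_.Path -and ($_.Path -like "*$suspectName") -and ($_.Path -notlike "$env:ProgramFiles*")
} | ForEach-Object {
    $findings += [pscustomobject]@{ Check = 'Process'; Detail = "PID $($_.Id): $($_.Path)" }
}

# 3. Report Defender exclusions for an analyst to review (assumption: a tampered
#    exclusion list is one common way a dropper weakens Defender).
$pref = Get-MpPreference -ErrorAction SilentlyContinue
if ($pref) {
    foreach ($p in (@($pref.ExclusionPath) + @($pref.ExclusionProcess))) {
        if ($p) { $findings += [pscustomobject]@{ Check = 'DefenderExclusion'; Detail = $p } }
    }
}

if ($findings.Count -eq 0) { 'No indicators found.' } else { $findings | Format-Table -AutoSize }
```

Run it in an elevated PowerShell session so that Get-MpPreference and process paths are readable; a hit on the first check is the strongest signal, the exclusion list needs analyst judgement.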
Security specialists believe that Korean threat actors are behind the campaign, based on the method in which it was distributed and the existence of Korean characters in some of its code samples.
BitRAT is a well-known remote access trojan (RAT) that is sold on underground cybercriminal online markets and forums. Its low price of $20 for a lifetime membership makes it an appealing option for fraudsters, who use it to propagate their harmful payloads.
Furthermore, because BitRAT may be used in a variety of activities, such as trojanized software, phishing, and watering hole attacks, identifying a given buyer’s modus operandi is difficult, which makes the malware much harder to detect and eliminate.
The popularity of BitRAT can be attributed to its adaptability. Data exfiltration, UAC bypass, DDoS assaults, clipboard monitoring, illegal camera access, credential theft, audio recording, XMRig currency mining, and generic keylogging are all possible with the malicious program.