BitRAT (Remote Access Trojan) – Malware

June 11, 2024

BitRAT

Type of Malware

RAT

Country of Origin

Unknown

Date of initial activity

2020

Associated Groups

Multiple threat actors, as this malware has been widely sold on underground cybercriminal markets and forums (e.g., Kimsuky)

Targeted Countries

Worldwide

Motivation

BitRAT can be used for a variety of malicious purposes, including recording video and audio, data theft, DDoS attacks, cryptocurrency mining, and delivering additional payloads. Data stolen from victims is resold on the dark web to other cybercriminals.

Attack vectors

Weaponized Microsoft Excel spreadsheets; pirated Microsoft Windows licenses (activators) distributed via webhards; fake browser updates

Tools

TinyNuke

Targeted systems

Windows

Overview

According to Bitdefender, BitRAT is a well-known remote access trojan (RAT) extensively sold on underground cybercriminal markets and forums. Its $20 lifetime access cost makes it highly appealing to cybercriminals and aids in the dissemination of its malicious payload. BitRAT is marketed as a powerful, affordable, and versatile malware capable of stealing a wide range of valuable information from the host, performing DDoS attacks, bypassing UAC, and more. BitRAT features include generic keylogging, clipboard monitoring, webcam access, audio recording, credential theft from web browsers, and XMRig coin mining capabilities. Additionally, it provides remote control for Windows systems, hidden virtual network computing (hVNC), and reverse proxy through SOCKS4 and SOCKS5 (UDP). The hidden desktop feature is so valuable that some hacking groups, like Kimsuky, have incorporated it into their arsenal specifically to use the hVNC tool. The varied methods employed by each buyer make BitRAT even more difficult to combat, as it can be utilized in various operations such as trojanized software, phishing, and watering hole attacks. In this regard, ASEC’s analysts have identified strong code similarities with TinyNuke and its derivative, AveMaria (Warzone).

Targets

Users who download illegal crack tools from webhards and run them to verify a Windows license are at risk of having BitRAT installed on their PC.

How they operate

BitRAT has been distributed through pirated Microsoft Windows licenses: when users download these pirated versions of Microsoft products, they install BitRAT on their devices at the same time. As a remote access trojan (RAT), BitRAT allows its operator to gain control of the infected system. BitRAT not only offers basic control features such as running process tasks, service tasks, file tasks, and remote commands, but also provides additional options like various info-stealing features, hVNC, remote desktop, coin mining, and proxies. Here is the list of features that BitRAT offers:

  • Network Communication Method
    • Encrypted communication using TLS 1.2
    • Communication using Tor
  • Basic Control
    • Process manager
    • Service manager
    • File manager
    • Windows manager
    • Software manager
  • Information Theft
    • Keylogging
    • Clipboard logging
    • Webcam logging
    • Audio logging
    • Application (e.g., web browser) account credential theft
  • Remote Control
    • Remote desktop
    • hVNC (Hidden Desktop)
  • Proxy
    • SOCKS5 proxy: port forwarding feature using UPnP
    • Reverse proxy: SOCKS4 proxy
  • Coin Mining
    • XMRig CoinMiner
  • Others
    • DDoS attack
    • UAC bypass
    • Windows Defender deactivation
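The behaviours in the feature list above (Windows Defender deactivation, XMRig coin mining) and the weaponized-spreadsheet vector are the kind of thing endpoint telemetry can be triaged for. The following is an added detection example, not BitRAT code and not from any of the vendors cited on this page: it runs simple heuristics over constructed Sysmon-style events, and the Defender policy value names and miner command-line markers it checks are assumptions about common tradecraft, since the page names no specific mechanism.

```python
# Added example (not BitRAT code): heuristics for behaviours the feature list names.
import re

# Policy values commonly set to 1 to switch Defender off (assumption; page names no key).
DEFENDER_OFF_VALUES = ("DisableAntiSpyware", "DisableRealtimeMonitoring")
MINER_MARKERS = re.compile(r"stratum\+tcp://|--donate-level|xmrig", re.I)
OFFICE_PARENTS = ("excel.exe", "winword.exe")
SCRIPT_HOSTS = ("powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe")

def _base(path):  # file name of a Windows path, lower-cased
    return path.lower().rsplit("\\", 1)[-1]

def classify(event):
    """Return finding labels for one event (empty list if nothing matched)."""
    findings = []
    if event.get("event_id") == 13:  # Sysmon: registry value set
        target = event.get("target_object", "")
        details = str(event.get("details", "")).rstrip(")")  # "DWORD (0x00000001)"
        if ("Windows Defender" in target and target.rsplit("\\", 1)[-1]
                in DEFENDER_OFF_VALUES and details.endswith("1")):
            findings.append("defender_disabled")
    elif event.get("event_id") == 1:  # Sysmon: process create
        if MINER_MARKERS.search(event.get("command_line", "")):
            findings.append("coin_miner_launch")
        if (_base(event.get("parent_image", "")) in OFFICE_PARENTS
                and _base(event.get("image", "")) in SCRIPT_HOSTS):
            findings.append("office_spawned_script_host")
    return findings

def triage(events):
    """Count findings by label across a batch of events."""
    counts = {}
    for ev in events:
        for label in classify(ev):
            counts[label] = counts.get(label, 0) + 1
    return counts

# Constructed sample telemetry; every path, host and file name is made up.
SAMPLE_EVENTS = [
    {"event_id": 1, "parent_image": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -WindowStyle Hidden -File update.ps1"},
    {"event_id": 13, "details": "DWORD (0x00000001)", "target_object":
     r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"},
    {"event_id": 1, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\user\AppData\Roaming\svc.exe",
     "command_line": "svc.exe -o stratum+tcp://pool.example.net:3333 --donate-level 1"},
    {"event_id": 1, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "command_line": "notepad.exe"},
]
```

Run `triage(SAMPLE_EVENTS)` to see one hit per heuristic and none for the benign notepad event; in practice these rules are a starting point to tune against your own baseline, not a BitRAT signature.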

Significant Malware Campaigns

  • BitRAT, first observed in late 2020, is a newcomer to the malware scene. Threat actors can purchase this malware on popular underground forums and have been observed distributing it via malicious XLS attachments in malspam. (May 2021)
  • FortiGuard Labs recently came across a peculiar-looking Excel spreadsheet that seemingly included NFT-related information. But instead, it downloads and installs the BitRAT malware in the background. (February 2022)
  • The ASEC analysis team has recently discovered BitRAT which is being distributed via webhards. (March 2022)
  • The payloads were MaaS (Malware as a Service) info-stealers: AZORult, BitRAT and Raccoon. All are available for purchase in various markets and groups. (May 2022)
  • Three fileless malware in a huge downloaded PowerShell file to bypass detection, and how these are later deployed and executed inside the target processes through Process Hollowing. These three fileless malware are AveMariaRAT / BitRAT / PandoraHVNC. (May 2022)
  • BitRAT is a fairly recent, notorious remote access trojan (RAT) marketed on underground cybercriminal web markets and forums since Feb 2021. (January 2023)
  • In May 2024, eSentire’s Threat Response Unit (TRU) detected an instance of fake updates delivering BitRAT and Lumma Stealer. (May 2024)
References:
  • BIOTECH-THEMED MALSPAM DROPS BITRAT
  • BitRAT Disguised as Windows Product Key Verification Tool Being Distributed
  • NFT Lure Used to Distribute BitRAT
  • Info-stealer Campaign targets German Car Dealerships and Manufacturers
  • Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC
  • BitRAT Now Sharing Sensitive Bank Data as a Lure
  • Fake Browser Updates delivering BitRAT and Lumma Stealer
  • BitRAT Malware Seen Spreading Through Unofficial Microsoft Windows Activators
Tags: Bitdefender, BitRAT, Cybercriminal, DDoS, Malware, Microsoft, Network, RAT, Remote Access Trojan, Windows