
BitRAT

Posted: August 25, 2020

Malware developers are not always skilled and smart hackers who create state-of-the-art cyber-threats. In fact, public hacking forums are filled to the brim with advertisements for low-quality infostealers, Remote Access Trojans, and other popular malware that cybercriminals might be interested in. Often, the poorly coded projects are offered for free, but there is plenty of low-quality malware that is being sold at hefty prices. Such is the case of BitRAT, a piece of malware that is being advertised on one of the most popular public hacking forums.

The authors of the threat, named 'UnknownProducts,' make a plethora of false claims that aim to assure potential customers that they are about to purchase a high-quality product. The authors claim that they have not reused code from other malware projects, and they advertise their product as fully undetectable and impossible to remove manually – closer analysis of BitRAT's code reveals that neither of these statements is true, and the project is very poorly constructed.

An Inexperienced Malware Developer Created the BitRAT by Plagiarizing Open-Source Projects

Despite being a very low-effort Remote Access Trojan, the BitRAT is still able to cause a lot of trouble if its files are dropped on an unprotected computer. It boasts features typical for RATs:

  • Access, view and modify files.
  • Execute remote commands.
  • Download and execute files from the Internet.
  • Initialize a hidden remote desktop client (HVNC).
  • Stop core Windows security services.
  • Access the Web camera and microphone.
  • Trigger a Blue Screen of Death (BSOD).

Freelance researchers who explored BitRAT's codebase report that the malware appears to borrow a significant portion of its code from other malware projects, as well as from public programming forums like StackOverflow. For example, the HVNC (hidden remote desktop) functionality is ripped off from TinyNuke, and the code responsible for triggering a Blue Screen of Death was copied entirely from an old thread on the StackOverflow forums.

Many of the techniques and functions featured in the BitRAT malware are implemented very poorly: the authors seem to be inexperienced, and they have used archaic methods to disable the Windows security services or execute downloaded files. The use of these methods means that any up-to-date anti-malware software will detect the intrusion easily and terminate the attack.
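Because the page only says that BitRAT stops "core Windows security services" without naming them or the method used, the most useful defender-side illustration is a detection that does not depend on the method: watch the Service Control Manager log for security services entering the stopped state (Event ID 7036) or having their start type changed to disabled (Event ID 7040), and alert when several of them are hit within a short window. The example below is added here and is not BitRAT code or code from the page; the JSON record layout, the sample log lines and the list of service names it treats as "security services" are assumptions made for the example.

```python
import json
from datetime import datetime, timedelta

# Short names of Windows services that protect the host. This list is an assumption about
# what "core Windows security services" means; the page does not enumerate them.
SECURITY_SERVICES = {
    "WinDefend": "Microsoft Defender Antivirus",
    "WdNisSvc": "Microsoft Defender Antivirus Network Inspection",
    "wscsvc": "Windows Security Center",
    "MpsSvc": "Windows Defender Firewall",
    "Sense": "Microsoft Defender for Endpoint",
}

# Constructed sample records in a simplified JSON-lines export of Service Control Manager
# events (real 7036/7040 events carry the text in message parameters, not in these fields).
SAMPLE_EVENTS = "\n".join([
    json.dumps({"time": "2020-08-25T10:00:01Z", "event_id": 7036, "service": "Spooler", "state": "stopped"}),
    json.dumps({"time": "2020-08-25T10:00:05Z", "event_id": 7036, "service": "WinDefend", "state": "stopped"}),
    json.dumps({"time": "2020-08-25T10:00:06Z", "event_id": 7040, "service": "WinDefend", "start_type": "disabled"}),
    json.dumps({"time": "2020-08-25T10:00:07Z", "event_id": 7036, "service": "wscsvc", "state": "stopped"}),
    json.dumps({"time": "2020-08-25T10:00:09Z", "event_id": 7036, "service": "MpsSvc", "state": "running"}),
])


def parse_events(text):
    """Parse JSON-lines event records, converting the timestamp to a datetime."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def tampering_events(records):
    """Return (time, service, reason) for every event that stops or disables a security service."""
    hits = []
    for rec in records:
        svc = rec.get("service")
        if svc not in SECURITY_SERVICES:
            continue
        if rec["event_id"] == 7036 and rec.get("state") == "stopped":
            hits.append((rec["time"], svc, "entered the stopped state"))
        elif rec["event_id"] == 7040 and rec.get("start_type") == "disabled":
            hits.append((rec["time"], svc, "start type changed to disabled"))
    return hits


def burst_alert(hits, window_seconds=60, min_distinct=2):
    """True if at least `min_distinct` different security services were tampered with
    inside any sliding window of `window_seconds`. A single service stopping can be an
    update or an admin action; several in quick succession is the pattern worth paging on."""
    hits = sorted(hits)
    for i, (t0, _, _) in enumerate(hits):
        window = timedelta(seconds=window_seconds)
        services = {svc for t, svc, _ in hits[i:] if t - t0 <= window}
        if len(services) >= min_distinct:
            return True
    return False


if __name__ == "__main__":
    found = tampering_events(parse_events(SAMPLE_EVENTS))
    for t, svc, reason in found:
        print(f"{t.isoformat()} {svc} ({SECURITY_SERVICES[svc]}): {reason}")
    print("burst alert:", burst_alert(found))
```

In the constructed sample, the print spooler stopping is ignored, the firewall entering the running state is ignored, and the three Defender and Security Center events are reported; because two distinct services are hit within a few seconds, the burst check fires. Against a real host the same logic would be fed from the System log (for example, an export of Event IDs 7036 and 7040 from the Service Control Manager source) after mapping the message parameters onto the fields used here.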

While threats like BitRAT may seem laughable to experienced malware researchers, they point to a worrying trend: even inexperienced malware developers can build and sell a threatening application by copying code from various open-source projects.
