HotRat malware has wideranging capabilities

Researchers from Avast have discovered malware hidden in the executables of pirated software capable of stealing victims’ login credentials and cryptocurrency wallets among other malicious actions.

The malware, which the researchers have named HotRat, is also capable of screen capturing, keylogging, installing more malware and accessing or altering clipboard data.

According to Avast’s analysis, HotRat has been discovered hidden inside cracked software including popular games and productivity applications. The most commonly affected software is typically Adobe (Illustrator, Master Collection, Photoshop) and Microsoft (Office, Windows) software.

HotRat uses a malicious AutoHotkey script to install itself on a compromised system as part of a multi-stage installation that is simultaneously designed to weaken system security by disabling the Consent Admin and altering Windows Defender settings.

Once installed, attackers can send a command and zipped .NET payload that is thought to be able to execute a wide range of functions including removing Avast and other antivirus tools, take a screenshot, kill specific processes, steal crypto wallets, steal stored passwords from web browsers, and download and execute an executable from a specific URL.

HotRat has been detected in most nations worldwide, including Australia and New Zealand, Avast said.

To mitigate the risk of infection, Avast has advised against downloading dubious software from unverified sources, especially any demanding the deactivation of antivirus programs.

Image credit: iStock.com/style-photography