The 2006 black comedy, Borat, may have been a laugh but its namesake malware is not. The recently discovered Borat RAT is a triple cyber threat to businesses that is far from funny. The malware combines a remote access trojan (RAT), spyware and ransomware in one package, and poses a serious threat to the IT of organizations, big and small.


Borat RAT was discovered and named in early April by a team of researchers at Cyble Research Labs, a Deep and Dark Web intelligence service operating out of the United States, India, Singapore and Australia. The malware is currently being circulated on the Dark Web by bad actors, and Cyble has confirmed that it is being offered for sale to hackers. One researcher alarmingly stated:

“The Borat RAT provides a dashboard to Threat Actors (TAs) to perform RAT activities and also has an option to compile the malware binary for performing DDoS and ransomware attacks on the victim’s machine.”


Cybercriminals typically use RATs to gain full access to a victim’s computer or system. They can control files and network resources and manipulate the mouse and keyboard. Besides conducting distributed denial of service (DDoS) attacks, Borat’s functionality includes keylogging and ransomware payload delivery. Cybercriminals can use the malware to encrypt files and even create a ransom note on the victim’s machine. Borat also contains code that will decrypt files once the ransom has been paid.


Borat is also able to detect whether a device has an active webcam or microphone and record video or audio from it. To add to the fun and games, the malicious software is also designed to frustrate and annoy: it can play random unwanted audio, swap the mouse buttons around, and show or hide the desktop and taskbar. Unfortunately, it doesn’t end there. The Sacha Baron Cohen derivative can disable Microsoft Defender, take screen captures, and steal cookies and saved credentials from Chrome and Edge. As reported by a Cyble researcher, it also has a remote desktop function:

“This malware takes the remote desktop of the infected machine. It then gives the Threat Actor (TA) the necessary rights to perform activities such as controlling the victim’s machine, mouse, keyboard, and capturing the screen. Controlling the victim’s machine can allow TAs to perform several activities such as deleting critical files or executing ransomware in the compromised machine.”


Cybersecurity expert Chris Olson has said that Borat shows how much the Dark Web contributes to cybercrime as we now know it. Olson said:

“They are one of many reasons we are seeing a rise in Web and Java-based malware with sophisticated features like polymorphic and obfuscated code, rapid URL shifting, and more. It takes little expertise for attackers to target consumers and organizations through digital surfaces – only the money and inclination to acquire the right code from malicious actors who design it for a living.”

Robert Shaughnessy, a VP at cybersecurity consultancy Grimm, wrote on Twitter:

“We’re likely to see more pre-packaged malware sets like Borat in the future, as more individuals & orgs take advantage of malicious software now available for profit.”

Joseph Carson, a cybersecurity scientist, also spoke of effective password management as a deterrent to ransomware. He said:

“Weak credentials are one of the most common causes that make it easy for attackers to gain an initial foothold. Strong password management, privileged access security and multi-factor authentication will make it difficult for an attacker to be successful at gaining the initial foothold.”


While the news of Borat may sound terrifying, you don’t need to let the malware worry you needlessly. Using common sense and cybersecurity good practice, you can defend your business against Borat. Here are six critical tips to do this:

  • Don’t store important files on the desktop
  • Use strong passwords and MFA
  • Enable automatic updates on all devices
  • Don’t click on links or download from suspicious emails
  • Apply an authentic antivirus
  • Back up in the cloud and offline, and keep those backups separate from each other and from the main network, in a secure location
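Three of the six tips (Defender on, automatic updates on, nothing important parked on the desktop) can be checked from the machine itself. The following PowerShell function is an added example written for this article, not code from Cyble or from the malware analysis; it assumes a Windows host with the Microsoft Defender module (Get-MpComputerStatus) available and an elevated session. The function name and the desktop-file threshold are hypothetical choices for illustration.

```powershell
# Added example (not from the article): read-only posture check for the tips
# that can be verified locally. Assumes Windows with the Defender module loaded.
function Test-BoratBaseline {
    [CmdletBinding()]
    param(
        # Hypothetical threshold: flag a Desktop holding more than this many files
        [int]$MaxDesktopFiles = 20
    )

    # 1. Microsoft Defender enabled with real-time protection (Borat is reported
    #    to switch Defender off, so a sudden "false" here is worth investigating)
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $defenderOk = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled

    # 2. Windows Update service not disabled, and no policy turning auto-update off
    $wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    $auPolicy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' `
        -Name NoAutoUpdate -ErrorAction SilentlyContinue
    $updatesOk = ($null -ne $wu -and $wu.StartType -ne 'Disabled') -and
                 ($null -eq $auPolicy -or $auPolicy.NoAutoUpdate -eq 0)

    # 3. Important files not stored on the Desktop (tip 1 in the list)
    $desktop = [Environment]::GetFolderPath('Desktop')
    $desktopFiles = @(Get-ChildItem -Path $desktop -File -ErrorAction SilentlyContinue).Count
    $desktopOk = $desktopFiles -le $MaxDesktopFiles

    # One object per host so results can be collected and compared across machines
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        DefenderEnabled    = [bool]$defenderOk
        SignatureAgeDays   = [int]((Get-Date) - $mp.AntivirusSignatureLastUpdated).TotalDays
        AutomaticUpdatesOk = [bool]$updatesOk
        DesktopFileCount   = $desktopFiles
        DesktopWithinLimit = [bool]$desktopOk
        AllChecksPassed    = [bool]($defenderOk -and $updatesOk -and $desktopOk)
    }
}

# Usage: run elevated and review the fields that come back $false
Test-BoratBaseline | Format-List
```

MFA and separate backups cannot be confirmed from a single endpoint, so those two tips still need to be verified against your identity provider and backup system rather than scripted here.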

I say bring Borat on. There’s nothing I like more than an IT challenge. I have over 20 years of experience in professional business IT, specializing in cybersecurity and risk mitigation. Don’t hesitate to contact me regarding any of your cybersecurity concerns. Call me now and let’s beat Borat together.
