• “HotRat” distribution within illegal software

    #2575123

    Tagged ‘HotRAT’ by cybersecurity analysts at Avast, this has been targeting netizens who download cracked and pirated software like popular games and utilities. This disables certain AV suites once the payload is injected via cracked/pirated software.

    There’s quite a large list of well known and used cracked software, but one caught my eye (which belongs to Avast!) CCleaner Professional.

    Avast is also one of the AVs that gets a targeted load to amend security features along with Malwarebytes, AVG and McAfee.

    For more info and list of software:

    https://decoded.avast.io/martinchlumecky/hotrat-the-risks-of-illegal-software-downloads-and-hidden-autohotkey-script-within/

    Windows - commercial by definition and now function...
    2 users thanked author for this post.
    • #2575124

      ooops when trying to open this link ‘-(

      malwbytes

      * _ ... _ *
      • #2575170

        That site is clean on VirusTotal and it doesn’t use any cookies. MB is being over sensitive methinks.

        cheers, Paul

        • #2575200

          The link works fine with Chrome, Firefox ESR and Kaspersky

          It isn’t about working fine or not; once the RAT is exploited “all works fine” so to speak.
          The warning from Malwarebytes is about: “Riskware or risky software” and describes legitimate software programs that contain loopholes or vulnerabilities that can be “exploited by hackers for malicious purposes.”
          So, if you do not mind, I will NOT (partially) disable Malwarebytes Premium but take their advice and leave this site alone.

          The site gives this info in the attached pdf:

          HotRat_-The-Risks-of-Illegal-Software-Downloads-and-Hidden-AutoHotkey-Script-Within-Avast-Threat-Labs

          About the statement “and it doesn’t use any cookies“, check again: <https|decoded|avast|io> for sure uses =>> cookie, tracker, tracer, header referrers, webpage scripting and fingerprinting.

          xx

          * _ ... _ *
          • #2575211

            You get HotRat by running illegal software, not by visiting the Avast web site.

            cheers, Paul

            2 users thanked author for this post.
        • #2575202

          ..

          * _ ... _ *
      • #2575173

        The link works fine with Chrome, Firefox ESR and Kaspersky

    • #2575155

      Link is fine here. Reading the description, Malwarebytes can be used against the user too if infected.

    • #2575204

      @Alex5723 : see #2575200  please

      * _ ... _ *
      • This reply was modified 1 year, 10 months ago by Fred.
    • #2575207

      That site is clean on VirusTotal and it doesn’t use any cookies. MB is being over sensitive methinks.

      cheers, Paul

      Really?

      * _ ... _ *
    • #2575254

      Malwarebytes

      I see that Malwarebytes warning as a false positive.
