Unofficial Windows 10 activator being used to spread BitRAT malware

A new threat is targeting Windows users. In a new BitRAT malware distribution campaign, attackers are trying to persuade Windows users to run their activator program on a pirated copy of Windows instead of buying a license. BitRAT is available on cybercrime forums for as little as $20 with lifetime access, and that low price is pushing the envelope.

The new BitRAT distribution campaign is raising security concerns

According to reports, the new distribution campaign uses BitRAT, a powerful remote access trojan (RAT).

Attackers have many ways to get onto a victim’s PC, from watering holes and phishing to trojanized software. The latest instance of BitRAT comes in the form of a Windows 10 Pro license activator which, as the name suggests, lets users activate pirated copies of Windows 10 Pro without buying a license.

The campaign was discovered by AhnLab, which found that links to the activator, hosted on webhards, are heavily shared on social media. The campaign appears to originate in South Korea, given that the source code contains certain characters linking it to the country.

How does BitRAT work?

A new BitRAT distribution campaign has gone viral as an unofficial Windows 10 activator

If you have already downloaded the program to avoid paying for a Windows license, you should know that the zip file contains “W10DigitalActivation.msi”, which looks like a legitimate file and shows a GUI that says “Activate Windows 10” in the preview.

If you activate Windows 10 using the program, it downloads BitRAT into the %TEMP% folder as “Software_Reporter_Tool.exe”. The installer then deletes itself, while the program remains on the PC, excluded from Windows Defender and added to the startup folder.
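A host triage check for the artifacts described above, as an added PowerShell example that is not part of the original article: it looks for the named file in %TEMP% and the startup folders and reports Windows Defender exclusions that cover those locations. The function name `Find-ActivatorDropArtifacts` is hypothetical, and checking the all-users startup folder as well as the per-user one is an assumption.

```powershell
# Added triage example (not from the article). Run in an elevated session:
# without admin rights Defender may not reveal its exclusion lists.
function Find-ActivatorDropArtifacts {
    param([string]$FileName = 'Software_Reporter_Tool.exe')  # name given in the article

    $base = [IO.Path]::GetFileNameWithoutExtension($FileName)
    # %TEMP% and the startup folder are named in the article; checking both the
    # per-user and all-users startup folders is an assumption of this example.
    $dirs = @($env:TEMP,
              [Environment]::GetFolderPath('Startup'),
              [Environment]::GetFolderPath('CommonStartup')) |
            Where-Object { $_ -and (Test-Path -LiteralPath $_) }

    $findings = @(foreach ($dir in $dirs) {
        # Match on base name so a shortcut (.lnk) in a startup folder is caught too.
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.BaseName -like "$base*" } |
            ForEach-Object {
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{ Type = 'File'; Detail = $_.FullName
                                   SHA256 = $hash.Hash; Created = $_.CreationTimeUtc }
            }
    })

    # Defender exclusions: report any entry that names the file or that contains,
    # or sits inside, one of the folders checked above.
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    $ic = [StringComparison]::OrdinalIgnoreCase
    foreach ($ex in @($pref.ExclusionPath) + @($pref.ExclusionProcess)) {
        if (-not $ex) { continue }
        $covers = $dirs | Where-Object { $_.StartsWith($ex, $ic) -or $ex.StartsWith($_, $ic) }
        if ($covers -or $ex.IndexOf($base, $ic) -ge 0) {
            $findings += [pscustomobject]@{ Type = 'DefenderExclusion'; Detail = $ex
                                            SHA256 = $null; Created = $null }
        }
    }
    $findings
}

Find-ActivatorDropArtifacts | Format-Table -AutoSize -Wrap
```

A file-name match alone is only a lead; a match combined with a Defender exclusion covering the same folder is the pattern the article describes.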

Apparently, BitRAT's capabilities include UAC bypass and DDoS attacks, among others. It can also be used for hidden virtual network computing (hVNC) and to remotely control Windows systems. BitRAT has become popular, especially in South Korea, where people share links to this program via social media and other avenues.