Scammers Get Creative With Disguised Downloads

John Lister's picture

Scammers who don't want to write their own malware can now pay just $20 to start a campaign of attacks. They can then customize their "bait" with Windows installations and non-fungible tokens (NFTs) among the ways to target users.

The malware is available on dark web sites. These are sites that are part of the world wide web, but set up in a way that means they aren't indexed by search engines. That makes them suitable for people who don't want their activities easily traced.

A piece of malware called BitRAT costs just $20 for lifetime access. The name derives from "remote access Trojan" which is a form of malware that scammer can distribute disguised as something else, then remotely access the victim's computer.

Download Sites Dubious

It's up to the individual scammer how they want to disguise and distribute it. Security researchers at AhnLab spotted one BitRAT campaign that used "Webhards", a type of online storage service in South Korea. They're commonly used to share files, often in ways that skirt around copyright and licensing laws. (Source:

The latest campaign involves disguising BitRAT as an activation tool for Windows 10. The listings give the impression that it will let users run an installed copy of Windows 10 without the relevant licensing, for example from upgrading from Windows 7.

Once the victim has unwittingly installed BitRAT, the scammers have a wide range of tools available, including remotely controlling Windows; gathering information from the keyboard, clipboard and webcam; and stealing passwords.

NFT Curiosity Exploited

According to Wikipedia, NFTs are a "non-interchangeable unit of data stored on a blockchain, a form of digital ledger, that can be sold and traded. Types of NFT data units may be associated with digital files such as photos, videos, and audio." (Source

It seems to be almost a competition between scammers to figure out changing trends to find the best way to scam users by disguising BitRAT. Earlier this year some scammers had success distributing it through what appeared to be a spreadsheet about non-fungible tokens (NFTs). (Source:

Depending on your viewpoint, NFTs are either a creative way to monetize digital assets such as artworks, or a modern equivalent of suckers buying land on the moon while helping destroy Earth.

Either way, it's a reminder of the importance of always taking care to assess the source and legitimacy of any downloaded file or software.

What's Your Opinion?

How do you vet software before installing it? Do people who download malware disguised as pirated software deserve any sympathy? If you were a scammer, what disguise would you use to distribute BitRAT?

Rate this article: 
Average: 5 (4 votes)