Despite risks to their own data and devices, some users continue to be lured into downloading illegal versions of popular paid-for software, disregarding the potentially more severe repercussions than legitimate alternatives. We have analyzed how cybercriminals deploy HotRat, a remote access trojan (RAT), through an AutoHotkey script attached to cracked software. This malware variant facilitates a range of malicious actions, including the theft of credentials, capturing screenshots, and installing additional malware.