
QueenOfHearts

Posted: October 16, 2020

The QueenOfHearts implant is very similar to KingOfHearts in terms of functionality, but it appeared on malware researchers' radar much later, around 2017. The threat continues to receive regular updates that enhance old features and introduce new functionality, even in 2020. Its feature set matches that of the KingOfHearts implant with one exception: it does not bundle a third-party library to take and transfer screenshots.

QueenOfHearts communicates with its control server over HTTP, and the implant typically initiates the exchange by sending information about the compromised machine. In response, it receives a specially crafted package containing a custom cookie header, whose contents include a command the QueenOfHearts payload is meant to execute.

QueenOfHearts is believed to be used by the same threat actors behind the SLOTHFULMEDIA RAT reported earlier in October 2020. Despite the regular updates and the evasion techniques that QueenOfHearts employs, it can still be stopped by following basic network security practices and employing up-to-date security measures.
