
QNode RAT

Posted: January 7, 2021

A variant of the QNode RAT is being propagated through a large-scale email spam campaign that may inform the recipient that they have received a 'GOOD LOAN OFFER.' The email's contents list an offer to loan hundreds of thousands of dollars, but the notable part is the attached file that usually accompanies the message. The recipients of this message may see a JAR file, which claims to contain a scandalous video of Donald Trump – it is not clear why the attachment and the message seem to concern different topics entirely. Needless to say, the JAR file attachment is not a video file; instead, it is meant to execute the QNode RAT on the compromised system. The best way to protect yourself from such attacks is to invest in reputable anti-virus software and to avoid downloading unknown files or email attachments.

Users who fall victim to the QNode RAT, also known as QRAT, may end up in a lot of trouble. Thankfully, this malware is only compatible with Windows machines, so there are some limitations concerning its reach. Once the malware is running, it enables the remote attacker to:

  • Collect system, hardware and software information.
  • Modify files.
  • Collect saved application credentials.
  • Run additional payloads.
  • Execute remote commands.

The info-collecting component of the QNode RAT appears to focus on Web browsers and email clients, but it also may collect data from FTP clients or popular messaging applications. If you recall interacting with a shady file like the one described above, then we recommend running a full system anti-malware scan to make sure that the QNode RAT or a similar threat is not running in the background.
