There’s a new phishing campaign using an odd lure to infect machines


Cybersecurity experts have identified a new phishing campaign that lures victims into downloading malware which grants the attackers full control over the targeted Microsoft Windows machines. The QRat trojan first appeared in 2015 and has wreaked havoc because it is not easily detectable.

The whole thing is hidden under several layers of obscured code and gives the hackers remote access to the computers they infect.

The malware's capabilities include keylogging, taking screengrabs, and stealing passwords and other sensitive information. With such access, hackers can do anything they want with your system.

What has Trump got to do with it?

The cybersecurity researchers at Trustwave have shown that this new QRat campaign asks the targets to download the latest version of the malware, which has been improved to enhance its effectiveness.

The phishing campaign used to start by offering the victims a loan with a high ROI (return on investment). Now, the phishing campaign begins by sharing a video about President Donald Trump.

Researchers say that this campaign is different because it seems to be based on what is considered newsworthy. It is all about trying to get the attention of victims, which the attackers seem to have figured out.

Clever schemes

It doesn’t matter what the phishing email says because once the victim opens it, a Java Archive file (JAR) will run and result in the installation of the QRat malware. Because the payload is hidden under many layers of obscured code, it is not easily detected as malware.

Strangely enough, the process has a pop-up warning that tells the user that the software they are installing can be used for penetration testing and remote access.

It is strange for people to agree to something unrelated to what’s supposed to be a video, but curiosity is a powerful motivator.