The Qnode Remote Access Trojan (QRAT) is currently being distributed via a Trump-themed phishing campaign, masked as a video file that claims to be a Donald Trump sex tape.
A Java-based RAT, QRAT was initially witnessed during 2015 that has been used in many different phishing campaigns over the years, with a vast increase in distribution witnessed since August 2020. Interestingly, the malicious file attachment – titled “TRUMP_SEX_SCANDAL_VIDEO.jar” – bears no resemblance to the phishing email body and subject line, which provides a loan offer for an investment for a dream project or business strategy. The subject line is “GOOD LOAN OFFER,” and the sender claims a loan will be supplied if there is a good return on the investment and between $500,000 and $100 million can be provided. It is not mentioned whether a mistake has been made and the wrong file attachment was placed in the email or if this was a deliberate mismatching of a malicious .jar file. While the emails are trick to fool many end users, there may be sufficient interest in the video to spark the interest of some recipients.
The phishing campaign seems to be poorly composed, but the same cannot be said of the malware the campaign is trying to infiltrate networks with. The recent version of QRAT shared in this campaign is more sophisticated than earlier witnessed versions, with several enhancements made to bypass security solutions. For example, the malicious code deployed as the QRAT downloader is obfuscated and split across many different buffers inside the .jar file.
Phishing campaigns often aim for interest in topical new stories and the Presidential election, claims of election fraud, and recent events at Capitol Hill have seen President Trump trending. It is possible that this will not be the only Trump-themed phishing campaign to be carried out over the coming days and months.
This campaign seems to be concentrated on companies, where the potential profits from a malware infection is likely to be far greater than an attack on consumers. Blocking threats such as this is simplest with an advanced email security solution capable of detecting known and new malware strains.
SpamTitan is an strong, inexpensive spam filtering for businesses and the leading cloud-based spam filter for managed service providers for the SMB sector. SpamTitan uses dual anti-virus engines to spot known malware threats, and a Bitdefender-powered sandbox to spot zero-day malware. The solution also supports the blocking of dangerous file types such as JARs and other executable files.
SpamTitan is excellent for preventing phishing emails without malicious attachments, including emails with hyperlinks to malicious web pages. The solution has many threat detection features that can spot and block spam and email impersonation attacks and machine learning technology and different multiple threat intelligence feeds that provide protection against zero-minute phishing campaigns.
One of the chief reasons why the solution is such as popular option for SMBs and MSPs is simple installation, use, and management. SpamTitan removes the complexity from email security to permit IT teams to focus on other key duties.
SpamTitan is the most highly rates solution on review sites such as Capterra, GetApp and Software Advice, is a top three solution in the three email security classifications on Expert Insights and has been a market leader in the G2 Email Security grids for 10 consecutive quarters.
If you would like a spam filtering solution that is strong and simple to deploy, give the TitanHQ team a call to set up a free trial of SpamTitan.