Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump.
The emails, which carry with the subject line “GOOD LOAN OFFER!!,” come attached with a Java archive (JAR) file called “TRUMP_SEX_SCANDAL_VIDEO.jar,” which, when downloaded, installs Qua or Quaverse RAT (QRAT) onto the infiltrated system.
“We suspect that the bad guys are attempting to ride the frenzy brought about by the recently concluded Presidential elections since the filename they used on the attachment is totally unrelated to the email’s theme,” Trustwave’s Senior Security Researcher Diana Lopera said in a write-up published today.
The latest campaign is a variant of the Windows-based QRAT downloader Trustwave researchers discovered in August.
The infection chain starts with a spam message containing an embedded attachment or a link pointing to a malicious zip file, either of which retrieves a JAR file (“Spec#0034.jar”) that’s scrambled using the Allatori Java obfuscator.
This first stage downloader sets up the Node.Js platform onto the system and then downloads and executes a…
http://feedproxy.google.com/~r/TheHackersNews/~3/GsyEkjDf4OI/hackers-using-fake-trumps-scandal-video.html