
A new strain of remote access Trojan dubbed Qrypter RAT (aka Qarallax, Quaverse, QRAT, and Qontroller) hit hundreds of organizations worldwide.
The malware was spotted by security firm Forcepoint. It has been around for a couple of years and was first analyzed in June 2016, after being used in an attack targeting individuals applying for a U.S. Visa in Switzerland.
The author of Qrypter RAT is an underground group called ‘QUA R&D’ that operates a Malware-as-a-Service (MaaS) platform.
Qrypter RAT is a Java-based RAT that leverages TOR-based command and control (C&C) servers (vvrhhhnaijyj6s2m[.]onion[.]top). The malware is delivered via small malspam campaigns; in February the researchers observed three campaigns that hit 243 organizations.
“In June 2016 the malware was used to target individuals applying for a US Visa in Switzerland, resulting...(continued)