Cyber security researchers reveal a new malspam marketing campaign that distributes a remote access Trojan (RAT) by claiming to contain US President Donald Trump’s scandalous video.
The emails, with the subject line “GOOD LOAN OFFER!!,” come attached with a Java archive (JAR) file which, when downloaded, installs Qua or Quaverse RAT (QRAT) onto the infiltrated system.
The latest campaign is a variation of the Windows-based QRAT downloader discovered by Trustwave researchers in August.
Moreover, the malicious code of the JAR downloader is split into different randomly-numbered buffers in an attempt to avoid detection.