New Java-Based QuimaRAT MaaS Targets Windows, Linux, macOS
Cybersecurity researchers have identified a new Java-based remote access trojan (RAT) named QuimaRAT, which is designed to operate across Windows, Linux, and macOS operating systems. This cross-platform malware is being offered through a malware-as-a-service (MaaS) model, according to a report by LevelBlue. The pricing for QuimaRAT subscriptions ranges from $150 for one month of access to $1,200 for lifetime access. Intermediate subscription options are also available, including a $300 tier.
QuimaRAT's architecture allows it to function effectively on diverse operating systems by leveraging the Java Virtual Machine (JVM). This enables threat actors to deploy a single piece of malware that can compromise a wide array of endpoints without needing to develop separate versions for each platform. The MaaS model lowers the barrier to entry for cybercriminals, allowing them to rent or purchase the malware and its associated infrastructure rather than developing it themselves.
LevelBlue's analysis indicates that QuimaRAT provides functionalities typical of remote access trojans, including the ability to execute commands, transfer files, and potentially exfiltrate sensitive data from infected systems. The sophistication of the malware, combined with its MaaS distribution, poses a significant threat to organizations and individuals using any of the targeted operating systems. The report did not specify the exact date of discovery but highlighted the ongoing nature of the threat.
The Java-based nature of QuimaRAT is a key characteristic, as Java is widely used across many applications and systems. This broad applicability means that vulnerabilities exploited by QuimaRAT could be present in numerous environments. The MaaS approach further amplifies the potential impact by making the tool accessible to a larger pool of malicious actors, potentially leading to an increase in targeted attacks and widespread infections.
Original source — read the full reporting at the publisher:
Read on The Hacker News