A new remote access trojan (RAT) known as QwixxRAT is being sold by its threat actor on platforms like Telegram and Discord. Once installed on a Windows platform, the RAT collects sensitive data and sends it to the attacker's Telegram bot, giving them unauthorized access to the victim's information. The malware is designed to gather various types of data, including web browser history, credit card information, and keystrokes.
QwixxRAT is a C#-based binary that uses anti-analysis features to evade detection. It has a sleep function to introduce delays in execution and checks to determine whether it is running in a sandbox or virtual environment. It can monitor specific processes and halt its own activity if detected. The RAT also includes a clipper that accesses sensitive information on the device's clipboard for illicit fund transfers from cryptocurrency wallets.
Command-and-control for QwixxRAT is handled through a Telegram bot, which allows the attacker to send commands for additional data collection, such as audio and webcam recordings. The infected host can also be remotely shut down or restarted. This discovery comes after the disclosure of two other RAT strains, RevolutionRAT and Venom Control RAT, which were also advertised on Telegram channels.
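Because the command channel is a Telegram bot, one hunting angle is to look for unapproved processes resolving the Telegram Bot API hostname. The sketch below is an added example, not taken from the original report: `api.telegram.org` is the public Bot API hostname, while the log format (simplified DNS-query records with `Host`, `Image`, `QueryName`, `UtcTime` fields), the allowlist entry, and the sample events are constructed assumptions.

```python
import json

BOT_API_HOST = "api.telegram.org"  # Telegram Bot API endpoint used by bot-based C2
# Assumption: full image paths approved to call the Bot API (hypothetical alerting tool).
ALLOWED_IMAGES = {r"c:\program files\alertbot\alertbot.exe"}
# Assumption: user-writable directories that raise the priority of a hit.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

# Constructed sample: simplified DNS-query records, one JSON object per line.
SAMPLE_LOG = r"""
{"UtcTime":"2023-08-15 10:01:02","Host":"WS-014","Image":"C:\\Program Files\\AlertBot\\alertbot.exe","QueryName":"api.telegram.org"}
{"UtcTime":"2023-08-15 10:03:40","Host":"WS-014","Image":"C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe","QueryName":"api.telegram.org"}
{"UtcTime":"2023-08-15 10:04:10","Host":"WS-014","Image":"C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe","QueryName":"api.telegram.org"}
{"UtcTime":"2023-08-15 10:05:00","Host":"WS-014","Image":"C:\\Program Files\\Browser\\browser.exe","QueryName":"example.com"}
this line is truncated {"UtcTime":
{"UtcTime":"2023-08-15 11:20:09","Host":"WS-022","Image":"C:\\Tools\\notes.exe","QueryName":"API.Telegram.org."}
"""


def hunt_bot_api(log_text, allowed=ALLOWED_IMAGES):
    """Group Bot API lookups by (host, image), skipping approved images."""
    findings = {}
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed record: skip, do not abort the hunt
        if not isinstance(ev, dict):
            continue
        # Normalise case and the trailing dot of fully qualified names.
        query = str(ev.get("QueryName", "")).lower().rstrip(".")
        image = str(ev.get("Image", ""))
        if query != BOT_API_HOST or image.lower() in allowed:
            continue
        hit = findings.setdefault((ev.get("Host", "?"), image), {
            "count": 0,
            "first_seen": ev.get("UtcTime"),
            "user_writable": any(d in image.lower() for d in USER_WRITABLE),
        })
        hit["count"] += 1
    return findings


if __name__ == "__main__":
    for (host, image), hit in hunt_bot_api(SAMPLE_LOG).items():
        print(host, image, hit)
```

A hit is a lead for triage rather than a verdict, since legitimate automation also uses the Bot API; hits from user-writable paths deserve attention first.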
QwixxRAT is available for purchase at 150 rubles for weekly access or 500 rubles for a lifetime license. It also offers a limited free version.