Security News > 2021 > January > It’s Not the Trump Sex Tape, It’s a RAT
"The email, with the subject"GOOD LOAN OFFER!!," at first glance, looks like a usual investment scam," Lopera said in the report about the find.
"No obfuscation in the email headers or body is found. Interestingly, attached to the email is an archive containing a Java Archive file called"TRUMP SEX SCANDAL VIDEO.jar.
JAR file is being run for remote penetration testing, the report said.
"Upon the execution of the file "TRUMP SEX SCANDAL VIDEO.jar", a copy of it is created and then executed from the %temp% folder," Lopera said.
JAR file contained information about the QHub service subscription necessary to communicate with the C2 server, the report said.
"The information about the QHub service subscription user we observed in the earlier variant is no longer contained in the JAR file," Lopera said.