Security News > 2023 > August > QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord

QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord
2023-08-14 15:54

A new remote access trojan called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms.

"Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providing them with unauthorized access to the victim's sensitive information," Uptycs said in a new report published today.

The cybersecurity company, which discovered the malware earlier this month, said it's "Meticulously designed" to harvest web browser histories, bookmarks, cookies, credit card information, keystrokes, screenshots, files matching certain extensions, and data from apps like Steam and Telegram.

A C#-based binary, QwixxRAT comes with various anti-analysis features to remain covert and evade detection.

Command-and-control is facilitated by means of a Telegram bot, through which commands are sent to carry out additional data collection such as audio and webcam recordings and even remotely shutdown or restart the infected host.

The disclosure comes weeks after Cyberint disclosed details of two other RAT strains dubbed RevolutionRAT and Venom Control RAT that's also advertised on various Telegram channels with data exfiltration and C2 connectivity features.


News URL

https://thehackernews.com/2023/08/qwixxrat-new-remote-access-trojan.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Telegram 6 6 26 3 0 35