QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord
A new remote access trojan called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms.
"Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providing them with unauthorized access to the victim's sensitive information," Uptycs said in a new report published today.
The cybersecurity company, which discovered the malware earlier this month, said it's "meticulously designed" to harvest web browser histories, bookmarks, cookies, credit card information, keystrokes, screenshots, files matching certain extensions, and data from apps like Steam and Telegram.
A C#-based binary, QwixxRAT comes with various anti-analysis features to remain covert and evade detection.
Command-and-control is handled through a Telegram bot, which is used to send commands that carry out additional data collection, such as audio and webcam recordings, and even to remotely shut down or restart the infected host.
The disclosure comes weeks after Cyberint disclosed details of two other RAT strains dubbed RevolutionRAT and Venom Control RAT that are also advertised on various Telegram channels with data exfiltration and C2 connectivity features.
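The Telegram-bot command channel described above can be hunted in proxy or EDR network telemetry. The following is an added example, not code from Uptycs or the original article: it flags processes outside an allowlist that contact the Telegram Bot API host api.telegram.org. The log layout, host names, file paths, bot tokens and the allowlist entry are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Bot API calls look like https://api.telegram.org/bot<id>:<secret>/<method>
BOT_PATH = re.compile(r"^/bot(\d+):[A-Za-z0-9_-]+/(\w+)")
# Assumption: the only program approved to use the Bot API here (hypothetical path).
ALLOWED_IMAGES = {r"c:\ops\alertbot\alertbot.exe"}

# Constructed sample telemetry: time | host | process image | URL
SAMPLE_EVENTS = r"""
2023-08-14T09:01:02Z | WS-017 | C:\Program Files\Google\Chrome\Application\chrome.exe | https://web.telegram.org/a/
2023-08-14T09:03:10Z | WS-017 | C:\Users\u1\AppData\Local\Temp\svc_update.exe | https://api.telegram.org/bot1111111111:AAconstructed_token-0001/getUpdates
2023-08-14T09:03:12Z | WS-017 | C:\Users\u1\AppData\Local\Temp\svc_update.exe | https://api.telegram.org/bot1111111111:AAconstructed_token-0001/sendDocument
2023-08-14T09:03:40Z | WS-017 | C:\Users\u1\AppData\Local\Temp\svc_update.exe | https://api.telegram.org/bot1111111111:AAconstructed_token-0001/sendMessage
2023-08-14T09:05:00Z | OPS-01 | C:\Ops\alertbot\alertbot.exe | https://api.telegram.org/bot2222222222:AAconstructed_token-0002/sendMessage
2023-08-14T09:07:30Z | WS-031 | C:\Users\u7\Downloads\viewer.exe | https://api.telegram.org/
truncated record without fields
"""


def find_bot_api_clients(log_text, allowed=ALLOWED_IMAGES):
    """Map (host, image) -> bot ids, methods and send count for every
    process outside the allowlist that contacts the Telegram Bot API."""
    findings = {}
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4:
            continue  # blank or malformed record
        _ts, host, image, url = parts
        target = urlsplit(url)
        if (target.hostname or "").lower() != "api.telegram.org":
            continue
        if image.lower() in allowed:
            continue
        entry = findings.setdefault(
            (host, image), {"bot_ids": set(), "methods": set(), "sends": 0})
        match = BOT_PATH.match(target.path)
        if match:  # path is absent when only the hostname was logged
            bot_id, method = match.groups()
            entry["bot_ids"].add(bot_id)  # keep the numeric id, drop the secret
            entry["methods"].add(method)
            entry["sends"] += method.startswith("send")
    return findings


if __name__ == "__main__":
    for (host, image), info in find_bot_api_clients(SAMPLE_EVENTS).items():
        print(host, image, sorted(info["bot_ids"]), sorted(info["methods"]), info["sends"])
```

The request path is only visible where TLS is inspected or the endpoint agent records URLs; with hostname-only telemetry the process is still reported, with empty bot id and method sets.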
News URL
https://thehackernews.com/2023/08/qwixxrat-new-remote-access-trojan.html