The Quaverse Remote Access Trojan, affectionately dubbed QRat, has been with us since at least 2015.
It’s a good piece of malware because it’s notoriously difficult to detect and it provides high-value information like passwords, sensitive files, screenshots and more.
In addition to remotely offloading files, hackers can assume complete control over any infected system. In the malware world, it doesn’t get much better than that. This year, however, cybersecurity professionals have discovered a new campaign that they’re describing as “significantly enhanced.”
It’s common knowledge that hackers and scammers rely on social engineering techniques to entice email recipients to click on links embedded in their messages or open files they have attached. These are the most common ways that malware finds its way onto targeted systems.
In this case, the hackers are relying on greed and the realities of the economic hardships caused by the COVID-19 pandemic. The email offers the recipient a loan with “a good return on investment,” with an attachment that claims to be a video message from President Donald Trump.
Anyone foolish enough to click on the “video message” (which actually isn’t a video and contains no message from Trump or anyone else) will wind up with the malware installed on their system.
If a recipient stopped to think about the message and the purported attachment, they’d almost certainly not click on the “video file,” but part of the magic of social engineering lies in the fact that the message creates a self-contained reality that sucks the reader in. In this case, it goes something like this:
Times have been hard. The pandemic has put me in a financial bind. Here’s a loan that promises to be a “good investment” and it’s apparently supported by the President. Okay, I want to know more.
Looking at it objectively, there’s no good reason why it should work, but it does. Be on the alert for it and make sure your employees are aware of the threat.