"New QwixxRAT Trojan Spreads Through Messaging Apps"

The Uptycs Threat Research team discovered a new Remote Access Trojan (RAT), known as QwixxRAT, in early August 2023. According to the researchers, QwixxRAT has caught attention due to its unusual distribution method: the threat actor behind it is spreading the malicious tool through the popular communication platforms Telegram and Discord. Once it gains access to a victim's Windows-based machine, QwixxRAT discreetly collects sensitive data and sends it to the attacker's Telegram bot. The researchers stated that, beyond data theft, QwixxRAT provides formidable remote administrative tools that enable attackers to control victim devices, launch commands, and even destabilize systems. To evade detection, the RAT uses a Telegram bot for command and control, which also allows the attacker to remotely manage the RAT and execute operations without triggering antivirus alarms. The researchers noted that QwixxRAT's impact is global, as its reach has been observed in evaluations of compromised systems worldwide. From a technical standpoint, the RAT file is a C# compiled binary, functioning as a 32-bit executable file designed for CPU operations. The researchers revealed that the threat actor used two distinct names for the same RAT: "Qwixx Rat" and "TelegramRAT." The main function consists of a total of 19 individual functions, each serving a unique purpose.

 

Infosecurity reports: "New QwixxRAT Trojan Spreads Through Messaging Apps"

Submitted by Anonymous on