Hundreds of organizations all around the world have been targeted in a series of attacks that leverage the Qrypter remote access Trojan (RAT), security firm Forcepoint says.
The malware, often mistaken for the Adwind cross-platform backdoor, has been around for a couple of years, and was developed by an underground group called ‘QUA R&D’, which offers a Malware-as-a-Service (MaaS) platform.
Forcepoint explains that Qrypter, also known as Qarallax, Quaverse, QRAT, and Qontroller, is a Java-based RAT that leverages TOR-based command and control (C&C) servers. It was first detailed in June 2016, after being used in an attack targeting individuals applying for a U.S. visa in Switzerland.
The malware is typically delivered via malicious email campaigns that usually consist of only a few hundred messages each. However, Qrypter continues to rise in prominence, and three Qrypter-related campaigns observed in February 2018 affected 243 organizations in total, Forcepoint's security researchers say.