Cyber espionage week for the price of a cup of coffee: hackers offer QwixxRAT at a discount

Carding

Telegram and Discord have become the new black market for ransomware.

Cybersecurity company Uptycs has discovered a new remote access trojan (RAT) called QwixxRAT, which is distributed and advertised on Telegram and Discord. According to experts, it is designed to collect web history, passwords, screenshots and other confidential data from infected computers.

Attackers offer QwixxRAT at a discount of just 150 rubles a week or 500 rubles for life. There is also a limited free version. The program is written in C# and includes various masking and anti-analysis mechanisms.

The collected data is sent to the owner via a Telegram bot, giving him unauthorized access to the victim's systems. Through the same bot, the hacker can issue reverse commands.

QwixxRAT was found a few weeks after two other RATs, RevolutionRAT and Venom Control RAT, became known. According to experts from Trellix, attackers will continue to exploit these tools despite the disclosure and extract the maximum benefit from them.

A similar campaign was identified earlier. Compromised sites were used to force users to download malware under the guise of a Chrome update. The remote program is called NetSupport Manager RAT and runs in JavaScript.

Experts warn that the threat from RATs is underestimated. Although individual ransomware programs may not be updated, their delivery methods are constantly evolving.

Cybercriminals use social engineering, phishing, and malicious links to spread RATs to unwary users. Often, RATs are disguised as useful apps, as is the case with Chrome.

Researchers advise individual PC owners to be vigilant and not to download suspicious files from unverified sources. It is also important to download antivirus software and regularly update all applications and the operating system. Companies should train employees in cyber hygiene and set up mechanisms to detect RAT activity in time.

Law enforcement agencies are asked to report any suspicious activity on Telegram or Discord. Collaboration is more likely to help identify attackers.
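
One way to implement the detection step recommended above, given that QwixxRAT sends data and receives commands through a Telegram bot: flag endpoints where a process outside an expected set resolves the Telegram Bot API host. This is an added example, not part of the original post or of the Uptycs report; the log layout, the allowlist and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Telegram Bot API host; bots call https://api.telegram.org/bot<token>/<method>.
BOT_API_HOST = "api.telegram.org"

# Assumption: processes this environment expects to contact Telegram.
# Name matching alone is evadable by renaming; prefer signer or full path in production.
ALLOWED_IMAGES = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample of DNS telemetry; columns modeled on Sysmon Event ID 22 fields.
SAMPLE_LOG = r"""UtcTime,Computer,Image,QueryName
2024-01-15 09:01:12,WS-014,C:\Program Files\Google\Chrome\Application\chrome.exe,api.telegram.org
2024-01-15 09:02:40,WS-014,C:\Users\carol\AppData\Roaming\Telegram Desktop\Telegram.exe,api.telegram.org
2024-01-15 09:05:00,WS-022,C:\Users\alice\AppData\Roaming\updater_svc.exe,api.telegram.org
2024-01-15 09:05:30,WS-022,C:\Users\alice\AppData\Roaming\updater_svc.exe,api.telegram.org
2024-01-15 09:06:00,WS-022,C:\Users\alice\AppData\Roaming\updater_svc.exe,API.Telegram.org.
2024-01-15 09:06:10,WS-022,C:\Users\alice\AppData\Roaming\updater_svc.exe,example.com
2024-01-15 09:10:45,WS-031,C:\Users\bob\AppData\Local\Temp\chrome.exe,api.telegram.org
"""


def find_suspect_bot_traffic(log_text, allowed=ALLOWED_IMAGES):
    """Group Telegram Bot API lookups made by unexpected processes, per host and image."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        # Normalise case and the trailing dot of fully qualified names.
        if row["QueryName"].strip().rstrip(".").lower() != BOT_API_HOST:
            continue
        path = row["Image"].strip()
        name = path.rsplit("\\", 1)[-1].lower()
        # A trusted name running from a Temp directory is treated as masquerading.
        from_temp = "\\temp\\" in path.lower()
        if name not in allowed or from_temp:
            hits[(row["Computer"], path)].append(row["UtcTime"])
    return [
        {"host": host, "image": image, "count": len(times),
         "first_seen": min(times), "last_seen": max(times)}
        for (host, image), times in sorted(hits.items())
    ]


if __name__ == "__main__":
    for finding in find_suspect_bot_traffic(SAMPLE_LOG):
        print(finding)
```

Repeated lookups from the same image on one host, as in the WS-022 rows, are worth triaging first, since a bot-controlled client has to keep contacting the API to fetch commands.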
 