QuasarRAT Using Rich Text Format Documents To Spread Malware

Quasar is a remote access trojan (RAT) that is distributed through Rich Text Format (RTF) documents. The malicious documents are Excel spreadsheets which include a macro. The RTF document has the “.doc” extension, and when it is opened in Microsoft Word a warning popup is displayed repeatedly. During this time a PowerShell command is executed to deliver the payload, which allows a remote attacker to access the computer, log keystrokes and edit the registry.
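
A static triage check for the delivery method described above, added here as an example and not taken from the original advisory: it flags an attachment whose content is RTF but whose extension is not ".rtf" and which carries embedded OLE objects. The file names, sample bytes and flagging rule are constructed assumptions.

```python
import re

RTF_MAGIC = b"{\\rt"                   # start of an RTF header ("{\rtf1")
OLE2_MAGIC_HEX = b"d0cf11e0a1b11ae1"   # OLE compound-file signature as hex text
OBJ_WORDS = ("objemb", "objdata", "objupdate")  # RTF embedded-object control words


def triage(filename: str, data: bytes) -> dict:
    """Static indicators for one attachment; nothing is opened or executed."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    is_rtf = data.lstrip()[:4] == RTF_MAGIC
    # Count each control word, requiring a non-letter after it so that
    # longer control words sharing the same prefix are not miscounted.
    result = {
        w: len(re.findall(rb"\\" + w.encode() + rb"(?![a-z])", data))
        for w in OBJ_WORDS
    }
    # \objdata carries the object as hex text that may be split by whitespace.
    hex_text = re.sub(rb"\s+", b"", data).lower()
    result["is_rtf"] = is_rtf
    result["extension_mismatch"] = is_rtf and ext != "rtf"
    result["ole2_payloads"] = hex_text.count(OLE2_MAGIC_HEX) if is_rtf else 0
    # Assumed rule: RTF content under another extension plus embedded OLE data.
    result["flag"] = result["extension_mismatch"] and result["ole2_payloads"] > 0
    return result


# Constructed samples: an RTF body with three embedded objects (header bytes
# only, no real payload) and a plain RTF note with no objects.
OBJ = (b"{\\object\\objemb\\objupdate{\\*\\objdata "
       b"0105000002000000 d0cf11e0\r\na1b11ae1 00}}")
SAMPLE_RTF = b"{\\rtf1\\ansi " + OBJ * 3 + b"}"
SAMPLE_PLAIN = b"{\\rtf1\\ansi Meeting notes}"

if __name__ == "__main__":
    for name, blob in (("invoice.doc", SAMPLE_RTF), ("notes.rtf", SAMPLE_PLAIN)):
        print(name, triage(name, blob))
```

A flagged file is a candidate for sandboxing or manual review, not a verdict: legitimate RTF files can also contain embedded objects.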

QuasarRAT is an open-source .NET Framework remote access trojan family used in cyber-criminal and cyber-espionage campaigns to target devices running the Windows operating system. It is often delivered via malicious attachments in phishing and spear-phishing emails. Some of its features include:

  • TCP network stream
  • Compressed and encrypted communication
  • UPnP support
  • Task manager
  • File manager
  • Remote desktop
  • Remote webcam
  • Remote shell
  • Download
  • Upload
  • Computer commands
  • Keylogger
  • Reverse proxy
  • Password recovery
  • Registry editor

Affected Platforms:

  • Microsoft Windows – all versions

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.
