QuasarRAT Using Rich Text Format Documents To Spread Malware
Quasar is a remote access trojan (RAT) that uses Rich Text Format (RTF) documents to spread malware. The malicious documents are Excel spreadsheets that include a macro. The RTF document has the “.doc” extension, and when it is opened in Microsoft Word a repeated warning popup is displayed. During this time a PowerShell command is executed to deliver the payload, which allows a remote attacker to access the computer, log keystrokes and edit the registry.
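A triage check for the delivery chain described above, as an added example that is not part of the original advisory: it flags a file that is RTF by content but carries another extension such as “.doc”, and reports embedded objects, their classes and any OLE2 payloads. It assumes the spreadsheets are embedded as OLE objects (`\objemb`); the sample document, file names and the Excel class name in it are constructed, and the regex parsing is a heuristic that does not handle obfuscated RTF.

```python
import re

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound-file signature

def triage_rtf(filename, data):
    """Summarise the RTF traits relevant to the delivery chain described above."""
    is_rtf = data.lstrip()[:5] == b"{\\rtf"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    report = {"is_rtf": is_rtf, "extension_mismatch": is_rtf and ext != "rtf",
              "embedded_objects": 0, "object_classes": [], "ole2_payloads": 0}
    if not is_rtf:
        return report
    text = data.decode("latin-1")
    report["embedded_objects"] = len(re.findall(r"\\objemb(?![a-z])", text))
    report["object_classes"] = re.findall(r"\\objclass\s+([^{}\\]+?)\s*\}", text)
    # \objdata holds the object as hex text; decode it and look for an OLE2 file.
    for blob in re.findall(r"\\objdata\s*([0-9a-fA-F\s]+)", text):
        hexstr = re.sub(r"\s+", "", blob)
        raw = bytes.fromhex(hexstr[: len(hexstr) // 2 * 2])
        if OLE2_MAGIC in raw:
            report["ole2_payloads"] += 1
    return report

def is_suspicious(report):
    """Heuristic (assumption): RTF under a non-.rtf name with embedded Excel objects."""
    excel = any(c.lower().startswith("excel.") for c in report["object_classes"])
    return bool(report["extension_mismatch"] and report["embedded_objects"] and excel)

# Constructed sample: an RTF body with two embedded objects, not a real document.
_OBJ = (b"{\\object\\objemb{\\*\\objclass Excel.SheetMacroEnabled.12}"
        b"{\\*\\objdata 0105000002000000\nd0cf11e0a1b11ae1 0000}}\n")
SAMPLE = b"{\\rtf1\\ansi Invoice\n" + _OBJ + _OBJ + b"}"

if __name__ == "__main__":
    result = triage_rtf("invoice.doc", SAMPLE)
    print(result, "suspicious:", is_suspicious(result))
```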
QuasarRAT is an open-source .NET Framework remote access trojan family used in cyber-criminal and cyber-espionage campaigns to target devices running the Windows operating system. It is often delivered via malicious attachments in phishing and spear-phishing emails. Some of its features include:
- TCP network stream
- Compressed and encrypted communication
- UPnP support
- Task manager
- File manager
- Remote desktop
- Remote webcam
- Remote shell
- Download
- Upload
- Computer commands
- Keylogger
- Reverse proxy
- Password recovery
- Registry editor
Affected Platforms:
- Microsoft Windows – all versions

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.