Hackers have been using a novel method of spreading remote access trojan (RAT) malware.
Researchers with cybersecurity firm Trustwave have identified an email campaign containing a file called “TRUMP_SEX_SCANDAL_VIDEO.jar” that, once clicked, installs QRAT, a malware variant that allows hackers to remotely control their target’s computer.
The malware was documented attached to an email with the subject line “GOOD LOAN OFFER!!” and has seemingly no relation to the promised sex tape of outgoing President Trump.
“We suspect that the bad guys are attempting to ride the frenzy brought about by the recently concluded Presidential elections since the filename they used on the attachment is totally unrelated to the email’s theme,” Trustwave researcher Diana Lopera speculates.
Users who try to download the attachment are also prompted with a popup that warns them that the tool being installed is primarily used for penetration testing.
As part of basic digital hygiene, email users should exercise extreme caution when downloading email attachments, particularly those promising loans and presidential sex tapes within the same message.
Read the Trustwave report here.