Threat actors have been ramping up promotions for the new QwixxRAT information-stealing malware on Discord and Telegram, while the NetSupport Manager RAT has been leveraged in a new ongoing malware campaign, reports The Hacker News.
Aside from exfiltrating browser data, keystrokes, screenshots, credit card details, and data from Telegram and Steam, the QwixxRAT malware also features environment checking and sleep functionality in a bid to bypass detection, according to a report from Uptycs. Researchers also discovered a clipper within the malware that could be leveraged to enable cryptocurrency asset theft.
Meanwhile, a Trellix report showed that threat actors have used fraudulent Chrome web browser updates to install the NetSupport Manager RAT, a remote administration software tool, in a process similar to the one used in the SocGholish malware campaign.
"The abuse of readily available RATs continues as these are powerful tools capable of fulfilling the adversaries' needs to carry out their attacks and achieve their objectives. While these RATs may not be constantly updated, the tools and techniques to deliver these payloads to potential victims will continue to evolve," said Trellix.