While outgoing US President Donald Trump continues to grab headlines for all the wrong reasons, cybercriminals are attempting to cash in on his final days in office to deliver malware to through a new email scam.
A new variant of the Quaverse Remote Access Trojan (QRAT), uncovered by security researchers at Trustwave, is being spread through malicious emails offering users a scandalous video involving Trump, but serving them a remote-access trojan instead.
A remote-access trojan is a software tool used to take control of an unsuspecting user’s computer under the guise of installing another program or accessing movies or music. Users installing ‘pirated’ software or downloading programs from unknown websites might also be at risk of infecting their systems.
According to the researchers, the email being sent out to users bears the subject “GOOD LOAN OFFER!!” but contains an attachment containing a Java Archive (JAR) file called “TRUMP_S**_SCANDAL_VIDEO.jar”.
The blog post explains that the trojan is similar to the other malware they have previously unearthed and only works on Windows.
Once a user downloads and opens the attachment, they are presented with a dialog that informs the user that a remote access tool needs to be installed for network penetration testing. Users who click the “Ok, I know what I am doing” button will give the trojan’s creators remote access to their computer.
Trustwave researcher Diana Lopera wrote that the researchers suspect that the trojan’s creators were attempting to ‘ride the frenzy’ brought about by the recently concluded Presidential elections since the filename they used on the attachment was totally unrelated to the email’s theme.