Trump Sex Scandal Video Is a RAT
Cyber-attackers are disguising malware as a video file depicting a fake sex scandal involving United States President Donald Trump.
The email-based attack was discovered by cybersecurity researchers at Trustwave who were reviewing their spam traps.
Targets are sent an email with the attachment “TRUMP_SEX_SCANDAL_VIDEO.jar”. Those who click on the malicious Java Archive (JAR) file unwittingly install the Qnode Remote Access Trojan (RAT) onto their computer.
Unusually, the title of the malicious file bore no resemblance to the subject of the email to which it was attached.
When the researchers opened the email “GOOD LOAN OFFER!!,” they expected to discover nothing more than an investment scam. However, attached to the email was an archive containing the malicious JAR file.
"We suspect that the bad guys are attempting to ride the frenzy brought about by the recently concluded Presidential elections since the filename they used on the attachment is totally unrelated to the email’s theme," wrote researchers.
An investigation into the attack revealed that the JAR file is a variant of a QRAT downloader that researchers brought to the public's attention in August. Similarities between the new and old variants include the use of Allatori Obfuscator to obfuscate the JAR file and the retrieval of the Node.js installer from the official website nodejs.org.
As is the case with the old variants, researchers found that the new downloader supports Windows platforms only.
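The delivery described above, a JAR inside an archive attached to an unrelated email, can be checked for at a mail gateway. The following is an added example, not part of the original article or of Trustwave's tooling; it finds JARs by content as well as by extension, and the outer archive name, the size cap and the harmless stand-in JAR are constructed assumptions.

```python
import io
import zipfile
from email.message import EmailMessage

MAX_MEMBER = 10 * 1024 * 1024  # assumed cap on bytes unpacked per archive member

def is_jar(data: bytes) -> bool:
    """A JAR is a ZIP; treat one holding a manifest or .class files as Java."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n == "META-INF/MANIFEST.MF" or n.endswith(".class")
                   for n in zf.namelist())

def find_jars(msg: EmailMessage) -> list:
    """Names of JARs attached directly or one level inside a ZIP attachment."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".jar") or is_jar(data):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    by_name = info.filename.lower().endswith(".jar")
                    small = info.file_size <= MAX_MEMBER
                    if by_name or (small and is_jar(zf.read(info))):
                        hits.append(f"{name}/{info.filename}")
    return hits

def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {member name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()

def build_sample() -> EmailMessage:
    """Constructed message: harmless stand-in JAR, outer archive name assumed."""
    jar = make_zip({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n"})
    msg = EmailMessage()
    msg["Subject"] = "GOOD LOAN OFFER!!"
    msg.set_content("constructed body")
    msg.add_attachment(make_zip({"TRUMP_SEX_SCANDAL_VIDEO.jar": jar}),
                       maintype="application", subtype="zip", filename="attachment.zip")
    return msg
```

Because the check inspects content, a JAR renamed to a media extension is still reported.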
Researchers noted that while the Trump sex scandal email campaign used to deliver the malwa ..