Qwixxrat

Malware Profile Updated 2 months ago
QwixxRAT is a new form of malware that emerged in August 2023, as reported by SC Magazine and The Hacker News. This information-stealing software has been actively promoted on platforms like Discord and Telegram by threat actors. It's part of an ongoing malicious campaign alongside the deployment of another Remote Access Trojan (RAT) known as NetSupport Manager.

The QwixxRAT malware has a wide range of capabilities, making it a significant threat to users' privacy and data security. According to a report from Uptycs, this malware can exfiltrate browser data, keystrokes, screenshots, credit card details, and data from applications like Telegram and Steam. Additionally, it features environment checking and sleep functionality, which are tactics designed to bypass detection mechanisms, thereby increasing its potential for damage.

This new wave of malware attacks, especially with the emergence of sophisticated tools like QwixxRAT, emphasizes the need for increased vigilance and robust cybersecurity measures. Users should be wary of suspicious downloads, emails, or websites, as these are common channels for malware infection. Organizations, too, should ramp up their security protocols to protect against such threats, given the severity of the potential impact on operations and sensitive data.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Netsupport Manager | 1 | NetSupport Manager is a malicious software (malware) that poses significant threats to computer systems and networks. It is often disguised as legitimate software or tools, such as the 7-zip compression utility or a fake Chrome browser update, to trick users into downloading and installing it. Once
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Telegram
Discord
Malware
Exploit
Known Exploi...
Cybercrime
Denial of Se...
Windows
Bot
WinRAR
Proxy
netscaler
Ransomware
RCE (Remote ...
Phishing
Android
Zimbra
Ios
Linux
Uptycs
Moveit
Trojan
Vulnerability
Remote Code ...
Associated Malware
ID | Type | Votes | Profile Description
Monti | Unspecified | 1 | The Monti ransomware group emerged in June 2022, shortly after the shutdown of operations by the Conti ransomware gang. Monti initially drew attention by mimicking the tactics of the Conti group, even employing its leaked source code to develop their own encryptor. The malicious software is known fo
Associated Threat Actors
ID | Type | Votes | Profile Description
APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, Nobelium, The Dukes, Midnight Blizzard, SVR group, and BlueBravo, is a notable threat actor linked to Russia. This group has gained notoriety over the years for its sophisticated cyberattacks against various targets. Recently, APT29 exploited a zero-day vulnerability
Bronze Starlight | Unspecified | 1 | Bronze Starlight, a threat actor linked to China, has been implicated in a series of cyber-espionage activities and ransomware attacks. As reported by Secureworks, a Dell Technologies company, in 2022, Bronze Starlight targeted companies with ransomware, while also engaging in more clandestine activ
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Qwixxrat Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | a year ago | Security Affairs newsletter Round 433 by Pierluigi Paganini
CERT-EU | a year ago | Latin America fintechs targeted by novel JanelaRAT malware
CERT-EU | a year ago | The Week in Security: Researchers hack 'unbreakable' card-shuffling hardware, Discord.io shut after breach
CERT-EU | a year ago | Data exfiltration tools by APT31 group detailed
CERT-EU | a year ago | Infostealers expose 100K hackers' computers
CERT-EU | a year ago | New QwixxRAT emerges, NetSupport Manager RAT deployed in new campaign
CERT-EU | a year ago | Over 100K hackers fall victim to infostealer malware
CERT-EU | a year ago | Updated Raccoon Stealer better evades detection
CERT-EU | a year ago | LolekHosted seized, five admins arrested following police operation
CERT-EU | a year ago | New QwixxRAT Trojan Spreads Through Messaging Apps
Securityaffairs | a year ago | QwixxRAT, a new Windows RAT appears in the threat landscape