A Trump-themed phishing campaign has been detected that attempts to deliver the Qnode Remote Access Trojan (QRAT) under the guise of a video file that appears to be a Donald Trump sex tape.
QRAT is a Java-based RAT that was first detected in 2015 and has been used in several phishing campaigns over the years, with an uptick in distribution observed from August 2020. Interestingly, the malicious file attachment, named “TRUMP_SEX_SCANDAL_VIDEO.jar”, bears no relation to the phishing email body and subject line, which offer a loan as an investment for a dream project or business plan. The subject line is “GOOD LOAN OFFER,” and the sender claims that a loan of between $500,000 and $100 million will be provided if there is a good return on the investment. It is unclear whether an error was made and the wrong file attachment was added to the email, or whether the mismatched malicious .jar file was deliberate. While the emails are unlikely to fool many end users, the video may attract enough curiosity for some recipients to open the attachment.
The phishing campaign does appear to be poorly constructed, but the same cannot be said of the malware the campaign attempts to deliver. The version of QRAT delivered in this campaign is more sophisticated than previously detected versions, with several improvements made to evade security solutions. For instance, the malicious code used as the QRAT downloader is obfuscated and split across several different buffers within the .jar file.
Phishing campaigns often take advantage of interest in popular news stories, and the Presidential election, allegations of election fraud, and recent events at Capitol Hill have seen President Trump trending. It is likely that this will not be the only Trump-themed phishing campaign to be conducted over the next few days and months.
This campaign appears to target businesses, where the potential returns from a malware infection are likely to be far higher than from an attack on consumers. Blocking threats such as this is easiest with an advanced email security solution capable of detecting known and new malware variants.
SpamTitan is an advanced, cost-effective spam filtering solution for businesses and the leading cloud-based spam filter for managed service providers serving the SMB market. SpamTitan incorporates dual anti-virus engines to identify known malware threats, and a Bitdefender-powered sandbox to identify zero-day malware. The solution also supports the blocking of risky file types such as JARs and other executable files.
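Blocking Java archives at the mail gateway can be done on the file name and, for archives sent under another name, on the content. The following is an added example, not code from this article or from SpamTitan; the extension list, addresses and sample messages are constructed, and the archive is an empty, harmless JAR built in memory.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list for illustration; tune to your own mail policy.
RISKY_EXTENSIONS = {".jar", ".jnlp", ".exe", ".scr", ".js", ".vbs"}

def looks_like_jar(payload: bytes) -> bool:
    """True if the bytes are a ZIP archive holding a JAR manifest or .class files."""
    if not zipfile.is_zipfile(io.BytesIO(payload)):
        return False
    with zipfile.ZipFile(io.BytesIO(payload)) as zf:
        names = zf.namelist()
    return any(n.upper() == "META-INF/MANIFEST.MF" or n.endswith(".class")
               for n in names)

def risky_attachments(raw: bytes) -> list:
    """Return (filename, reason) for each top-level attachment that should be held."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append((name, "blocked extension " + ext))
        elif looks_like_jar(payload):  # catches a JAR sent under another name
            findings.append((name, "Java archive content"))
    return findings

def harmless_jar() -> bytes:
    """Constructed sample: a ZIP with only a manifest, no code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()

def sample_message(filename: str, payload: bytes) -> bytes:
    """Constructed sample email using the subject line quoted in the article."""
    msg = EmailMessage()
    msg["Subject"] = "GOOD LOAN OFFER"
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg.set_content("Constructed body text.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for fn in ("TRUMP_SEX_SCANDAL_VIDEO.jar", "video.mp4"):
        print(risky_attachments(sample_message(fn, harmless_jar())))
```

The content check only inspects top-level attachments; archives nested inside other archives or forwarded messages would need recursive unpacking.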
SpamTitan is also effective at blocking phishing emails without malicious attachments, such as emails with hyperlinks to malicious websites. The solution has multiple threat detection features that can identify and block spam and email impersonation attacks, along with machine learning technology and multiple threat intelligence feeds that provide protection against zero-minute phishing attacks.
One of the main reasons why the solution is such a popular choice with SMBs and MSPs is the ease of implementation, use, and maintenance. SpamTitan takes the complexity out of email security to allow IT teams to concentrate on other key tasks.
SpamTitan is the most and top-rated email security solution on Capterra, GetApp and Software Advice, is a top three solution in the three email security categories on Expert Insights, and has been a leader in the G2 Email Security grids for 10 consecutive quarters.
If you want a spam filtering solution that is effective and easy to use, look no further than SpamTitan. For more information, give the TitanHQ team a call. SpamTitan is also available on a free trial to allow you to evaluate the solution in your own environment before deciding on a purchase.