Remote access trojans (RATs) are legacy threats that continue to evolve alongside an expanding and ever-changing threat landscape.
Following our recently published articles about novel and notable RATs, including KarstoRAT, the latest version of ClickFix, and ClickFix’s macOS variant, we analyzed QuimaRAT, a novel Java-based RAT that targets Windows, Linux, and macOS environments and is currently being sold on the dark web as a subscription-based RAT platform.
Our in-depth analysis of a QuimaRAT sample found:
- In the dark web forum post where the threat actor advertises QuimaRAT, it is referred to as “QuimaRAT v2.0” and advertised as having “70+ modules,” “AES-256 encryption,” “FUD (Fully Undetectable),” and a “GUI panel.”
- The QuimaRAT seller advertises it as malware-as-a-service (MaaS), priced at $150 for one month, $300 for three months, $500 for six months, $700 for twelve months, and $1,200 for lifetime access.
- QuimaRAT has two distinct pom.xml files, which indicates that it is organized as a modular Java project built using Apache Maven.
Download the report to explore QuimaRAT’s evolving capabilities, subscription-based distribution model, and impact across Windows, Linux, and macOS environments.