What is the issue?
Researchers from Cofense uncovered a new phishing campaign that distributes Quasar RAT onto Windows systems via fake resume attachments.
More details about the campaign
This phishing campaign employs multiple anti-analysis methods and counter-detection measures to camouflage the infection vectors.
“The last significant step the threat actors take to avoid discovery is to download a Microsoft Self Extracting executable. This executable then unpacks a Quasar RAT binary that is 401MB,” researchers said.
About the Quasar RAT
Quasar RAT is a remote administration tool that is capable of opening remote desktop connections, keylogging, stealing credentials, taking screenshots, recording video from webcams, downloading or exfiltrating files, and managing processes on infected machines.