ASEC found that the Quasar RAT malware is being distributed through a private Home Trading System. The Home Trading System (HTS) enables investors to carry out stock trades using their home or office computers, eliminating the need to visit stock trading firms or make phone calls.

The exact method of how the private HTS was installed remains unclear as users are directed to install it through exclusive group chats. However, the team was able to obtain a recent installer.

Diving into details

Most users install HTS from legitimate financial institutions to carry out financial transactions. However, there have been instances where fake investment companies posing as legitimate ones have convinced users to install fake HTS and steal their investments.
  • This is achieved by deceiving users into believing they are earning profits and then disappearing when withdrawals are requested.
  • The other way is by making investors deposit money, which is then taken as service fees.
  • The researchers surmise that the hackers place the FTP server address where the malware is located in the "config.ini" file before distributing the installation file.
  • This leads to the download of the update file, which has the malware compressed within it, resulting in the installation of Quasar RAT in the user's environment.

Why Quasar RAT?

Quasar RAT is an open-source malware developed in .NET. Similar to most RATs, this one offers systems tasks such as registry, process, and file. 
  • It, furthermore, comes with remote command execution and uploading and downloading files features. 
  • Its information collection and keylogging capabilities enable attackers to exfiltrate information from user environments and gain real-time control over compromised systems. 
  • This implies that users who have installed HPlus HTS have had their personal details and credentials potentially stolen. 

The bottom line

The researchers recommend installing HTS from institutional financial firms through their official websites. Installing private HTS via illegal investment financial organizations can lead to a successful compromise of your system and subsequent theft of your personal data, including account credentials.
Cyware Publisher