The Private Home Trading System becomes a vector for Quasar RAT

February 22, 2023

The operators of the Quasar RAT malware have abused a private Home Trading System to run a propagation campaign against their targets. Based on reports, a Home Trading System (HTS) allows investors to execute stock trades from their home or office devices, which removes the hassle of visiting stock trading companies or calling advisors.

Exactly how users installed the private Home Trading System remains a mystery, since an exclusive group chat is the only way to acquire the HTS. Fortunately, a researcher obtained a sample installer for investigation.

 

The Quasar RAT operators may have chosen the HTS as their delivery vector since it has various tools for efficient propagation.

 

The Quasar RAT operators could have targeted HTS users since most of them got it from financial institutions that operate financial transactions. Therefore, there have been situations where fake investment companies posing as legitimate firms convinced users to install phone HTS to steal their investments.

The threat actors make this attack succeed by fooling users into believing that they are earning profits, and then disappear when the users want to withdraw.

Experts claimed that the adversaries set the address of the FTP server hosting the malware before distributing the installation file. As a result, the program downloads an update file that has the malware inside it, which leads to the installation of Quasar RAT in the targeted environment.

Researchers explained that Quasar RAT is open-source .NET malware that is similar to most remote access trojans. In addition, it has remote command execution and file upload and download capabilities.

Furthermore, its information collection and keylogging capabilities allow threat actors to exfiltrate stolen data from user environments and gain real-time control of infected systems.

Hence, users who have installed the HPlus HTS may have had their credentials stolen by the Quasar RAT operators.

Cybersecurity experts suggest that users install an HTS only from confirmed, legitimate financial institutions through their official sites. Installing an inauthentic HTS from an illegal investment organisation could lead to financial loss and information compromise.
