How a phishing attack uses an odd lure to deliver Windows trojan malware
The capabilities of this trojan malware include stealing passwords, keylogging, file browsing, taking screenshots and more, which all enable hackers to gain access to sensitive information.
Now cybersecurity researchers at Trustwave have identified a new QRat campaign that is attempting to lure people into downloading the latest version of the malware, something they describe as "significantly enhanced".
The initial phishing email claims to offer the victim a loan with a "good return on investment" that could potentially catch the eye of victims. However, the malicious attachment isn't related to the subject of the phishing email at all, instead claiming to contain a video of President Donald Trump.
Researchers suggest the attackers have opted for this attachment based on what is currently newsworthy. Whatever the reason, attempting to open the file – a Java Archive (JAR) file – will result in running an installer for QRat malware.
The malware uses several layers of obfuscation in order to avoid being detected as malicious activity – and it has also added new techniques in order to provide additional means of avoiding detection.
However, the process even comes with a pop-up warning, telling the user the software they're installing can be used for remote access and penetration testing – if the user accepts, this QRat is downloaded onto the system, with the malware being retrieved by modular downloads to help avoid detection.
It might seem strange that people would agree to this when it seems unrelated to the supposed video they're trying to access, but manipulating curiosity is still an incredibly useful tactic deployed by cyber criminals.
"The spamming out of malicious JAR files, which often lead to RATs such as this, is quite common. Email administrators should be looking to take a hard line against inbound JARs and block them in their email security gateways," said Diana Lopera, senior security researcher at Trustwave.
A North Korean hacking group is utilizing the RokRat Trojan in a fresh wave of campaigns against the South Korean government.
The Remote Access Trojan (RAT) has been connected to attacks based on the exploit of a Korean language word processor commonly used in South Korea for several years; specifically, the compromise of Hangul Office documents (.HWP).