High
Fake emails have been detected pretending to come from “Reuters News Network”, a well-known news organization, using the #COVID19 infection of Donald Trump as a lure to distribute the QNodeService RAT. The message body of these phishing emails is in English as well as Arabic. As the email subject suggests, the email claims to break news from America about Donald Trump’s health. Its attachment is presented as a video but is in fact a zip file. The malware was also used in an earlier Covid-19-themed phishing campaign. Running the file attached to the email led to the download of a new malware sample written in Node.js; this trojan is dubbed “QNodeService”. The malware can download, upload and execute files, steal credentials from Chrome and Firefox browsers, and perform file management, among other things. It targets Windows systems, but its design and certain pieces of code suggest cross-platform compatibility may be a future goal.
piolozxx[.]ddns[.]net
USA President Donald Trump health is very serious!!!! We have the evidence here
sales@autosellerbulknews[.]life
http[:]//piolozxx[.]ddns[.]net/
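A mail-triage check for the two traits described above, the sender domain and a "video" attachment whose bytes are really a zip archive. This is an added example, not code from the advisory; the file names, test messages and the assumption that the lure carries a video extension or video MIME type are constructed for illustration.

```python
import email.utils
import io
import zipfile
from email.message import EmailMessage

# Sender domain listed in this advisory, refanged for matching.
IOC_SENDER_DOMAIN = "autosellerbulknews.life"
VIDEO_EXTS = (".mp4", ".avi", ".mov", ".wmv", ".mkv")
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # local file header / empty archive

def triage(msg):
    """Return a list of findings for one parsed e-mail message."""
    findings = []
    sender = email.utils.parseaddr(str(msg.get("From", "")))[1].lower()
    if sender.rpartition("@")[2] == IOC_SENDER_DOMAIN:
        findings.append("sender-domain-ioc")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Assumption: the attachment claims to be video by name or MIME type.
        claims_video = name.endswith(VIDEO_EXTS) or part.get_content_maintype() == "video"
        if claims_video and data.startswith(ZIP_MAGIC):
            findings.append("video-named-zip:" + name)
    return findings

def make_zip():
    """Build a small, harmless zip archive in memory (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "constructed")
    return buf.getvalue()

def build_sample(sender, filename, payload):
    """Build a constructed message with one attachment declared as video/mp4."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = "constructed test message"
    msg.set_content("body")
    msg.add_attachment(payload, maintype="video", subtype="mp4", filename=filename)
    return msg

if __name__ == "__main__":
    lure = build_sample("News <sales@autosellerbulknews.life>", "news_clip.mp4", make_zip())
    print(triage(lure))
```

Matching on content bytes rather than the declared type is what catches the mismatch; the sender-domain match alone only covers this one campaign.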