Close Menu
    What's Hot

    U.S. Can’t ‘Yield Even an Inch’ to Xi on Taiwan

    As Mourners for Khamenei Descend on Tehran, Many Residents Take Flight

    Belgium Expresses Shock After FIFA Lifts U.S. Player’s Suspension

    Facebook X (Twitter) Instagram
    Trending
    • U.S. Can’t ‘Yield Even an Inch’ to Xi on Taiwan
    • As Mourners for Khamenei Descend on Tehran, Many Residents Take Flight
    • Belgium Expresses Shock After FIFA Lifts U.S. Player’s Suspension
    • Opinion | Dating Your Co-Workers Is Fun. It’s Sexy. Go Ahead, Do It.
    • 9 Best Keyboards (2025), Tested and Reviewed
    • Victory Capital: Multiple Avenues Of Growth (NASDAQ:VCTR)
    • Cristiano Ronaldo: Portugal legend confirms 2026 World Cup will be his last ahead of last-16 clash against Spain | Football News
    • New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

    adminBy adminJuly 6, 2026No Comments5 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
    Share
    Facebook Twitter LinkedIn Pinterest Email

    New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

    Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that’s capable of targeting Windows, Linux, and macOS environments.

    According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service (MaaS) model, costing anywhere between $150 for one month to $1,200 for lifetime access. Other subscription tiers include $300 for three months, $500 for six months, and $700 for twelve months.

    “Built around a modular architecture, the RAT supports dynamic capability expansion through encrypted plugins that can be delivered, loaded, unloaded, and updated directly from its command-and-control (C2) infrastructure,” the cybersecurity company said in an analysis of the malware.

    The malware author also advertises a builder capable of generating multiple output formats, including JAR, EXE, APP, SH, BAT, and VBS, indicating an attempt to help prospective customers package the client tailored for different environments and delivery scenarios.

    The seller’s post guarantees complete stealth on Windows and Linux, noting there are no visible user interface elements or desktop entries. On macOS, however, the threat actor includes a caveat that certain features like screen capture and input control require “user-granted admin permissions.”

    Cybersecurity

    Visiting their website, users are greeted by a pop-up message that states the platform “provides offensive security tooling intended exclusively for professional security research, authorized penetration testing, and controlled educational environments,” warning them against using it for “malicious, unauthorized, or illegal purposes.”

    In all, the threat actor offers four tools –

    • Quima Control (aka QuimaRAT), a remote administration tool with 74 Windows and 46 macOS and Linux modules
    • Quima Builder, a modular builder and launcher toolkit with support for XLL, LNK, VBS, JS, BAT, DOCM, XLSM, MSC, CPL, and CHM file formats
    • Quima Loader, a browser-cache payload delivery service to stage and deliver the malware payload
    • Quima Dropper, an HTML/SVG payload generator

    Quima Loader, particularly, is noteworthy, as it allows an operator to upload an EXE file through a dedicated panel and select a delivery format (e.g., HTA or LNK) and a landing page template (e.g., fake CAPTCHA check or software update alerts), after which the tool generates a stager link that, when opened by the victim in the browser, initiates the following sequence of actions, per the malware developer –

    • The landing page is loaded, and the payload is fetched and held in the browser cache.
    • A Download button appears on the page.
    • Clicking it saves a “small, clean loader file” that’s trusted by the browser.
    • Target runs the loader, which reads the cached payload.
    • The main payload gets executed on the system, while bypassing SmartScreen protections on Windows.

    “A RAT, a builder suite, a web loader, and an HTML dropper — each built around what Windows already trusts,” the author behind the Quima suite claims on their website. “Native execution paths, system-owned resources, clean outputs. AV [antivirus] sees nothing unusual. Neither does the user.”

    LevelBlue’s analysis suggests that QuimaRAT is organized as a modular Java project built using Apache Maven, while containing embedded Java Native Access (JNA) native libraries for Windows, Linux, and macOS across various architectures. It also decodes and parses an internal configuration file necessary for environment validation, persistence installation, and C2 initialisation.

    “These native components allow the RAT to interact directly with low-level operating system APIs through C/C++ code, indicating intentional support for broad multi-platform deployment,” researchers Chen Aviani and Nikita Kazymirskyi said.

    Before execution, the malware ensures only one instance of the trojan is running on the infected machine at any given point in time. It achieves this by creating a lock file within the operating system’s temporary directory and preventing other processes from using it simultaneously. If it detects that another RAT instance is already holding the lock to the file, it terminates execution.

    QuimaRAT is designed to determine the current operating system name, using it to dictate the next course of action, including evading sandboxed and virtual environments, establishing persistence, and serving the main payload. Furthermore, it supports the ability to execute an additional embedded payload or decoy application along with the main RAT process if the functionality, named Binder, is enabled through the configuration.

    Cybersecurity

    The malware sets up persistence using a variety of operating system-specific methods: Registry Run keys, Scheduled tasks, and the Startup folder for Windows, .desktop autostart entries and crontab reboot tasks for Linux, and a LaunchAgent plist file for macOS.

    What’s more, the Trojan incorporates an optional Pastebin-based C2 host update mechanism that is controlled via the configuration. This approach allows the operator to dynamically rotate or replace the C2 infrastructure without having to rebuild and redistribute the payload.

    The end goal of the QuimaRAT is to establish communication with the C2 server over TCP (or alternately via WebSocket, TLS, and HTTPS) to receive and execute commands. A watchdog component built into the malware ensures that the channel remains active and reconnects to it, if contact is lost with the C2 server.

    “QuimaRAT maintains an internal shutdown state flag used to control whether the RAT should continue performing networking, reconnect, watchdog, and recovery operations,” the researchers said. “This mechanism allows QuimaRAT to stop reconnecting, watchdog, and communication recovery operations after shutdown mode is activated.”

    The malware supports a wide range of capabilities, including remote command execution, remote payload and plugin delivery, credential theft, persistence, file transfer, clipboard manipulation, and webcam surveillance, granting the attacker comprehensive control over an infected system.

    Besides these conventional features present in most RAT malware, QuimaRAT facilitates fileless shellcode execution on Windows hosts and a resilient communication framework that enables persistent access to compromised hosts.

    “QuimaRAT should be viewed as a modular Java RAT platform rather than a single static implant,” LevelBlue said. “ProGuard-class obfuscation indicators, Maven Shade relocation, preserved runtime symbols, and synthetic string decryptors further support the assessment that QuimaRAT is designed to rotate static fingerprints without changing its core behavior.”

    built JavaBased Linux MaaS macOS QuimaRAT run Windows
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleAI, ex-Soviet engineers, and the Holy Grail of rocketry: Inside the bold bet to rival SpaceX
    Next Article Cristiano Ronaldo: Portugal legend confirms 2026 World Cup will be his last ahead of last-16 clash against Spain | Football News
    admin
    • Website

    Related Posts

    New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions

    July 6, 2026

    How Bending Spoons built a $23bn tech empire from struggling brands

    July 5, 2026

    Canada’s World Cup run ends in heartache — but politicos embrace soccer

    July 4, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    U.S. Can’t ‘Yield Even an Inch’ to Xi on Taiwan

    As Mourners for Khamenei Descend on Tehran, Many Residents Take Flight

    Belgium Expresses Shock After FIFA Lifts U.S. Player’s Suspension

    Opinion | Dating Your Co-Workers Is Fun. It’s Sexy. Go Ahead, Do It.

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by