Security researchers have identified QuimaRAT, a new Java-based remote access trojan designed to operate across Windows, Linux, and macOS systems [1].

The emergence of this tool highlights a growing trend in the commoditization of cybercrime. By utilizing a cross-platform language, the malware allows attackers to compromise diverse corporate and personal environments without needing to rewrite code for different operating systems.

QuimaRAT is distributed via a malware-as-a-service (MaaS) model [1]. This business structure enables threat actors to lease the software for a subscription fee, lowering the technical barrier for entry into sophisticated cyberattacks. The subscription costs for the service range from $150 to $1,200 [1].

The malware employs several technical strategies to evade detection and maintain control over infected hosts. LevelBlue said, "QuimaRAT uses encrypted plugins, OS-specific persistence, and JNA libraries to control Windows, Linux, and macOS systems" [1]. These JNA libraries allow the Java-based code to interact more deeply with the native operating system, facilitating the execution of malicious commands.

Because the trojan is cross-platform, it poses a risk to a wider array of targets than traditional OS-specific malware. The use of encrypted plugins further complicates the task for security software attempting to identify the malware's specific capabilities, or intended targets [1].

Attackers using QuimaRAT can remotely access and control compromised systems, potentially leading to data theft, surveillance, or the deployment of additional ransomware. The flexibility of the MaaS model ensures that the malware can be updated and iterated upon by the developers to bypass new security patches [1].

QuimaRAT is distributed via a malware-as-a-service (MaaS) model.

The rise of QuimaRAT signifies a shift toward platform-agnostic malware, reducing the effort required for hackers to target heterogeneous networks. By leveraging the MaaS model, the developers are professionalizing the delivery of remote access tools, making high-level surveillance and system control accessible to lower-tier criminals who can afford the subscription fee.