Cybercrime, QNodeService campaign via fake DHL invoices
Technical analysis by the Malware Hunter JAMESWT
New global QNodeService campaign via fake DHL invoices
QNodeService is hiding inside a fake DHL invoice, as part of a global cybercrime malspam campaign. The message carries a compressed attachment in JAR format which, when opened, acts as a Java downloader that retrieves the malware. QNodeService is a trojan capable of stealing credentials, loading other payloads onto the computer and performing further operations. It mostly targets Windows systems, but may hit others as well in the future.
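
A mail-gateway style check for the delivery vector described above, as an added example that is not part of the original article or of JAMESWT's analysis: it flags attachments that are Java archives by content rather than by file name, including a JAR wrapped inside a ZIP. The function names, the 20 MiB cap and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_INNER = 20 * 1024 * 1024  # assumed cap on nested members we unpack

def looks_like_jar(data: bytes) -> bool:
    """True if data is a ZIP carrying a JAR manifest or compiled classes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.upper() == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in zf.namelist())

def inner_is_jar(zf: zipfile.ZipFile, info: zipfile.ZipInfo) -> bool:
    """Check a nested member by name, then by content when it can be read."""
    if info.filename.lower().endswith(".jar"):
        return True
    try:
        return info.file_size <= MAX_INNER and looks_like_jar(zf.read(info))
    except (RuntimeError, zipfile.BadZipFile):  # encrypted or corrupt member
        return False

def jar_attachments(raw_eml: bytes) -> list:
    """Names of attachments that are JARs, or ZIPs wrapping one."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        if looks_like_jar(data):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits += [f"{name}!{i.filename}" for i in zf.infolist() if inner_is_jar(zf, i)]
    return hits

def make_jar() -> bytes:
    """Constructed, harmless JAR-shaped archive (manifest only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()

def sample_message(payload: bytes, filename: str) -> bytes:
    """Constructed message carrying one attachment under the given name."""
    msg = EmailMessage()
    msg.set_content("See attached invoice. (constructed sample)")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

Password-protected or corrupt nested members are skipped by the content check here; a gateway would normally quarantine those separately.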