The malware double extortion website is up again, with new victims and a message: “Despite your hopes, we are with you again”.
Technical analysis by the Malware Hunter JAMESWT
New global QNodeService campaign via fake DHL invoices
QNodeService is hiding inside a fake DHL invoice, as part of a global cybercrime malspam campaign. The message carries a compressed attachment in JAR format which, when opened, acts as a Java downloader that fetches the malware. QNodeService is a trojan capable of stealing credentials, loading other payloads onto the computer and performing further operations. It mostly targets Windows systems, but may hit other systems as well in the future.
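For mail filtering, the delivery method described above (a compressed attachment in JAR format) can be caught by inspecting attachment contents rather than file names. The sketch below is an added example, not code from the original article or from the analyst's work; the function names, the size cap and the sample message are assumptions constructed for illustration.

```python
import email.policy
import io
import zipfile
from email.message import EmailMessage

MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap so nested archives cannot exhaust memory

def looks_like_jar(data: bytes) -> bool:
    """Judge by content, not file name: a JAR is a ZIP holding a manifest or .class files."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    return "META-INF/MANIFEST.MF" in names or any(n.endswith(".class") for n in names)

def scan_blob(name: str, data: bytes, depth: int, hits: list) -> None:
    """Record name if data is a JAR; otherwise descend into plain ZIPs up to depth levels."""
    if looks_like_jar(data):
        hits.append(name)
    elif depth > 0 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # flag bit 0x1 marks an encrypted member, which cannot be read without a password
                if info.is_dir() or info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                    continue
                scan_blob(f"{name}!{info.filename}", zf.read(info), depth - 1, hits)

def find_jar_attachments(raw_message: bytes, max_depth: int = 2) -> list:
    """Return the path of every attachment (or nested archive member) that is a JAR."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    hits = []
    for part in msg.iter_attachments():
        scan_blob(part.get_filename() or "<unnamed>", part.get_payload(decode=True) or b"", max_depth, hits)
    return hits

def make_zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()

def build_sample(attachment_name: str, attachment: bytes) -> bytes:
    """Constructed test message; names and contents are invented for this example."""
    msg = EmailMessage()
    msg.set_content("See attached invoice.")
    msg.add_attachment(attachment, maintype="application", subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    jar = make_zip({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n", "Main.class": b"\xca\xfe\xba\xbe"})
    print(find_jar_attachments(build_sample("invoice.zip", make_zip({"invoice.jar": jar}))))
```

Encrypted archive members are skipped rather than flagged here; a production filter would normally quarantine those for separate handling.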