Novel Quasar RAT variant deployed by Blind Eagle
Blind Eagle, an advanced persistent threat (APT) group, has introduced a new variant of the Quasar RAT backdoor, named BlotchyQuasar, targeting insurance organizations in Colombia. The attack begins with phishing emails that impersonate the Colombian tax authority and lure victims into clicking links to a Google Drive folder hosting a ZIP archive; opening and running its contents executes BlotchyQuasar. The variant can log keystrokes, execute shell commands, monitor banking and payment services, and exfiltrate data from browsers and FTP clients. It retrieves its command-and-control domain from Pastebin, used as a dead drop resolver, and its .NET code is obfuscated with ConfuserEx and DeepSea to evade detection and hinder analysis. Blind Eagle continues to hide its infrastructure behind VPNs and compromised routers, mainly within Colombia, according to Zscaler ThreatLabz researcher Gaetano Pellegrino.

Malware: BlotchyQuasar

[View Article](https://www.scmagazine.com/brief/novel-quasar-rat-variant-deployed-by-blind-eagle)
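The dead drop resolver is the one piece of the brief a defender can act on directly: the implant does not carry its C2 address, it fetches a paste and reads the domain out of it, so the fetch itself is the observable. The following is an added example, not code from the article, from Zscaler, or from the malware; it assumes a constructed proxy log format of `<timestamp> <client ip> <process> <url>`, treats only Pastebin raw-paste fetches by non-browser processes as suspicious, and models the paste as a base64-encoded hostname (an assumption for illustration, not the encoding BlotchyQuasar uses). All log lines and paste contents are constructed.

```python
"""Spotting dead-drop-resolver traffic in proxy logs.

Added example (not code from the article or from Zscaler). It assumes a
constructed proxy log format: "<timestamp> <client ip> <process> <url>".
"""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Pastebin is the dead drop named in the article; the raw endpoint is what a
# client fetches to get the paste body without HTML around it.
DEAD_DROP_HOSTS = {"pastebin.com"}
RAW_PREFIX = "/raw/"

# Assumption: interactive browsers fetching a paste are normal; anything else
# (a service host, a binary unpacked from a ZIP) deserves a look.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<proc>\S+)\s+(?P<url>\S+)$")
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$"
)


@dataclass(frozen=True)
class ProxyEvent:
    ts: str
    client_ip: str
    process: str
    url: str


def parse_line(line: str) -> Optional[ProxyEvent]:
    """Parse one constructed log line; return None for lines that don't match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return ProxyEvent(m["ts"], m["ip"], m["proc"], m["url"])


def is_dead_drop_fetch(event: ProxyEvent) -> bool:
    """True when the URL is a raw paste fetch from a known dead-drop host."""
    parsed = urlparse(event.url)
    host = (parsed.hostname or "").lower()
    return host in DEAD_DROP_HOSTS and parsed.path.startswith(RAW_PREFIX)


def flag_events(lines: List[str]) -> List[ProxyEvent]:
    """Return raw-paste fetches made by something other than a browser."""
    flagged = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if is_dead_drop_fetch(ev) and ev.process.lower() not in BROWSER_PROCESSES:
            flagged.append(ev)
    return flagged


def resolve_c2_from_paste(paste_body: str) -> Optional[str]:
    """Model of what a dead-drop resolver does with the fetched paste.

    Assumption (not from the article): the paste holds a base64-encoded
    hostname. Anything that does not decode to a syntactically valid
    hostname is rejected; the same check helps when triaging a recovered paste.
    """
    try:
        decoded = base64.b64decode(paste_body.strip(), validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    candidate = decoded.strip().lower()
    return candidate if HOSTNAME_RE.match(candidate) else None


# Constructed sample data: these lines and pastes are invented for the example.
SAMPLE_LOG = [
    "2024-09-16T10:12:01Z 10.0.5.21 chrome.exe https://pastebin.com/raw/aB12cD34",
    "2024-09-16T10:12:07Z 10.0.5.21 svchost.exe https://pastebin.com/raw/aB12cD34",
    "2024-09-16T10:13:40Z 10.0.5.33 invoice_viewer.exe https://pastebin.com/raw/Zz9Yy8Xx",
    "2024-09-16T10:14:02Z 10.0.5.33 invoice_viewer.exe https://update.example.com/check",
    "2024-09-16T10:15:11Z 10.0.5.40 msedge.exe https://pastebin.com/aB12cD34",
    "malformed line that the parser should skip",
]
SAMPLE_PASTE = base64.b64encode(b"c2.example.net").decode("ascii")
SAMPLE_BAD_PASTE = base64.b64encode(b"not a host name").decode("ascii")

if __name__ == "__main__":
    for ev in flag_events(SAMPLE_LOG):
        print(f"{ev.ts} {ev.client_ip} {ev.process} fetched {ev.url}")
    print("resolved C2:", resolve_c2_from_paste(SAMPLE_PASTE))
```

The browser allow-list is deliberately narrow: a paste fetched by a browser is a person reading Pastebin, a paste fetched by `svchost.exe` or an executable that arrived in a ZIP is the resolver pattern the article describes. In a real deployment the process name would come from an EDR or proxy agent rather than a log line, and the host list would grow to cover other paste and social-media services used the same way.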