Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Cross-Platform QuimaRAT MaaS Targets Multiple OS

Cross-Platform QuimaRAT MaaS Targets Multiple OS

Posted on July 6, 2026 By CWS

Security experts have identified a new Java-based remote access trojan (RAT) known as QuimaRAT, which poses threats to Windows, Linux, and macOS systems. This malware is marketed as a malware-as-a-service (MaaS) and offers various subscription options, ranging from $150 for a month to $1,200 for lifetime access, with intermediate pricing for other durations.

Features and Functionality of QuimaRAT

QuimaRAT is built on a modular framework, which allows its capabilities to be expanded through encrypted plugins, managed via its command-and-control (C2) infrastructure. The malware’s creator offers a builder to produce multiple output formats like JAR, EXE, APP, SH, BAT, and VBS, enabling users to customize the malware for specific environments and delivery methods.

The malware is advertised to operate stealthily on Windows and Linux, with no visible user interface elements. However, on macOS, some features require user-granted administrative permissions. The platform’s website claims it is intended for legitimate security research and warns against illegal use.

QuimaRAT Tools and Delivery Mechanisms

QuimaRAT includes four main tools: Quima Control, Quima Builder, Quima Loader, and Quima Dropper. The Quima Loader is particularly significant as it enables the upload of an EXE file, selecting a delivery format and landing page template to generate a stager link. Once accessed by the victim, the malware payload is executed while bypassing Windows’ SmartScreen.

The malware suite is developed as a modular Java project, with embedded native libraries for various operating systems. It uses these components to interact with operating system APIs, supporting wide multi-platform deployment. A lock file mechanism ensures only one instance runs at a time.

Persistence and Command Capabilities

QuimaRAT employs several methods for persistence, such as Registry Run keys and Scheduled tasks on Windows, autostart entries on Linux, and LaunchAgent plist files on macOS. It features a C2 host update mechanism via Pastebin, allowing dynamic infrastructure changes without modifying the payload.

The RAT supports remote command execution, payload delivery, credential theft, and more, providing attackers with extensive control over infected systems. It also enables fileless shellcode execution on Windows and maintains communication with C2 servers through robust recovery mechanisms.

Overall, QuimaRAT presents a significant threat due to its modular design and cross-platform compatibility, offering a persistent and adaptable tool for cybercriminals. Security researchers highlight its advanced obfuscation techniques and dynamic capabilities, underscoring the need for vigilant cybersecurity practices.

The Hacker News Tags:C2 infrastructure, cross-platform malware, cyber threats, Cybersecurity, Java-based RAT, Linux, macOS, malware-as-a-service, modular malware, QuimaRAT, remote access trojan, Windows

Post navigation

Previous Post: TrojPix Hack Threatens Air-Gapped Computers
Next Post: Agent Skill Malware Bypasses AI Security Measures

Related Posts

Critical Telnetd Security Flaw Allows Remote Code Execution Critical Telnetd Security Flaw Allows Remote Code Execution The Hacker News
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws The Hacker News
Vulnerability in Argo CD Allows Kubernetes Cluster Takeover Vulnerability in Argo CD Allows Kubernetes Cluster Takeover The Hacker News
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent The Hacker News
OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities The Hacker News
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Exploited in Prompt Injection Attacks for Crypto Scams
  • Agent Skill Malware Bypasses AI Security Measures
  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Exploited in Prompt Injection Attacks for Crypto Scams
  • Agent Skill Malware Bypasses AI Security Measures
  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark