What is QuasarRAT?
QuasarRAT (MITRE ATT&CK software ID S0262) is an open-source Remote Administration Tool (RAT). Cybercriminals use this potent tool for data theft and system control.
It operates stealthily, giving attackers a wide range of capabilities. These include a keylogger to capture credentials, screen and video capture for surveillance, and the ability to steal saved passwords from browsers. Attackers can also execute commands, manage files on the infected system, and move laterally within a network.
How to Defend Against QuasarRAT?
Defending against QuasarRAT requires preventing the initial infection and detecting its command-and-control (C2) activity.
- Be cautious with email attachments and downloads, which are the primary delivery vectors for this malware.
- Keep all operating systems and software patched to limit the vulnerabilities that can be exploited for initial access.
- Deploy endpoint detection to identify and block the execution of known RATs and their associated behaviors.
- Use network detection and response (NDR) with integrated threat intelligence to spot and block QuasarRAT’s C2 communications.



