QwixxRAT: A New Windows RAT Spreads Through Telegram and Discord

A new remote access trojan (RAT) called QwixxRAT is being sold on Telegram and Discord platforms. The malware stealthily collects sensitive data from Windows machines and sends it to the attacker's Telegram bot, providing unauthorized access to the victim's information. QwixxRAT is designed to harvest various data, including web browser histories, credit card information, and files. It incorporates anti-analysis features and a clipper to access sensitive information from the clipboard. The RAT's command-and-control is facilitated through a Telegram bot, allowing for additional data collection and control over the infected host. This discovery follows the disclosure of other RAT strains and a campaign using compromised sites to distribute a remote administration software tool.