Find notable cyber news and cases, enriched with sources, timelines, and signals.

QuimaRAT cross-platform Java MaaS remote access trojan

Malware Activity
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

A new QuimaRAT MaaS offering expands cross-platform malware risk by packaging a modular Java-based RAT for Windows, Linux, and macOS. The activity matters because the tool combines remote control, credential theft, persistence, and payload delivery in a commercially sold bundle.

Related Happenings

SHub Reaper macOS infostealer variant

Malware Activity
H score23 First: 19.05.2026 00:42 Last: 19.05.2026 00:42 Sources 1

About this happening: The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...

BirdCall Android spyware variant

Malware Activity
H score4 First: 05.05.2026 12:04 Last: 05.05.2026 12:04 Sources 1

About this happening: The **BirdCall** Android spyware variant expanded a known **Windows** backdoor into a mobile surveillance tool with **file exfiltration** and device reconnaissance capabilities. I...

GhostLoader staged npm install payload activity

Malware Activity
H score30 First: 24.03.2026 14:00 Last: 24.03.2026 14:00 Sources 1

About this happening: **GhostLoader** is now being delivered through **staged npm install scripts**, turning routine package installation into a route for **data theft** and **cryptocurrency wallet** t...

UAT-9244 TernDoor, PeerTime, and BruteEntry malware activity

Malware Activity
H score22 First: 06.03.2026 01:19 Last: 06.03.2026 01:19 Sources 1

About this happening: A **China-linked** malware cluster has been using **TernDoor**, **PeerTime**, and **BruteEntry** to compromise **telecommunication providers in South America** and turn infected s...

Atomic MacOS Stealer (AMOS) distribution through AI-app lures, SEO poisoning, and supply-chain abuse

Malware Activity
H score31 First: 12.02.2026 16:25 Last: 12.02.2026 16:25 Sources 1

About this happening: **Atomic MacOS Stealer (AMOS)** is being distributed to **macOS users** through **ClickFix-style Terminal prompts** that silently **download, mount, and launch DMG payloads**. In...

Timeline

  1. 06.07.2026 11:13 2 articles · 3d ago

    LevelBlue flags QuimaRAT as a cross-platform Java MaaS RAT

    Initial Disclosure

    LevelBlue identifies QuimaRAT as a Java-based remote access trojan sold under a malware-as-a-service model for Windows, Linux, and macOS, with modular encrypted plugins, browser-cache payload staging, OS-specific persistence, watchdog-based reconnects, and capabilities that include remote command execution, credential theft, file transfer, clipboard manipulation, webcam surveillance, and fileless shellcode execution on Windows.

    Show sources