Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that targets Windows, Linux, and macOS environments. The malware is advertised under a malware-as-a-service (MaaS) model on underground forums, allowing threat actors to purchase access for as little as $150 per month.
LevelBlue, the research firm that identified the trojan, reports subscription tiers ranging from $300 for longer durations to $1,200 for a lifetime license. This pricing structure suggests the operators aim to attract a broad range of cybercriminals, from low-skill attackers to advanced persistent threat groups.
QuimaRAT leverages Java's cross-platform capabilities, enabling it to execute on all three major desktop operating systems without modification. This makes it particularly dangerous for heterogeneous enterprise environments where security teams often lack unified defenses across different OS platforms.
The malware's functionality includes remote command execution, file exfiltration, and potential keylogging, though full technical details remain under analysis. Its MaaS distribution model lowers the barrier to entry for launching sophisticated attacks, as buyers receive ongoing updates and support.
No patches or specific mitigations have been released yet, but organizations should monitor for suspicious Java processes and restrict execution of unsigned Java applications. The discovery underscores the growing trend of cross-platform threats designed to bypass traditional OS-specific security measures.