🟠 High  |  Source: The Hacker News


QuimaRAT is a new Java-based remote access trojan sold as a subscription service, capable of compromising Windows, Linux, and macOS systems. Its cross-platform design makes it particularly dangerous in cloud and hybrid environments where mixed operating systems are common. Priced from £150/month, its low barrier to entry means a wide range of threat actors can deploy it.

Security Architect’s Take: Audit your cloud workloads for unauthorised Java runtimes and ensure EDR coverage extends to Linux-based instances and containers, as these are frequently under-monitored. Block outbound connections from compute instances to known MaaS infrastructure using egress filtering and enforce application allowlisting where feasible.

Original advisory: New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS