Researchers have uncovered QuimaRAT, a Java-based malware-as-a-service that targets Windows, Linux and macOS with over 70 built-in modules.
Cybersecurity researchers have uncovered a new malware platform designed to run on all three major desktop operating systems, giving attackers a single tool that works across Windows, Linux and macOS.
Known as QuimaRAT, the malware is being marketed on underground forums as a malware-as-a-service (MaaS) offering. Instead of building their own malware, criminals can pay a subscription fee to access the platform, making it easier for less experienced attackers to launch campaigns.
One of QuimaRAT’s biggest selling points is its cross-platform design. Because it is written in Java, much of the code works regardless of the operating system. Only a small number of components need to change depending on whether the victim is using Windows, Linux or macOS.
Researchers say the malware is built around a modular framework with more than 70 available components. Once it reaches a system, QuimaRAT checks whether another copy is already running, looks for signs that it’s being analyzed in a virtual machine and then installs persistence mechanisms so it can survive a reboot.
After establishing itself, the malware contacts a remote command server and waits for instructions. From there, attackers can manage infected devices, move files, execute commands and load additional modules depending on what they want to accomplish.
The malware also stores its configuration in an encrypted file embedded inside the application, making it more difficult for analysts to examine. Researchers found that it uses Java Native Access libraries to interact more directly with each operating system when higher-level system access is needed.
QuimaRAT is currently advertised with a graphical control panel, AES-256 encryption and subscription plans ranging from $150 per month to $1,200 for lifetime access. While researchers have not linked it to any known hacking group or active attacks, its availability on cybercrime forums means it could quickly find its way into the hands of a wide range of threat actors.
The discovery reflects a broader shift in the underground marketplace. Rather than creating malware for a single operating system, developers are increasingly building tools that work almost anywhere. That not only expands the pool of potential victims but also allows cybercriminals to manage different types of attacks without maintaining separate malware families.
For defenders, the takeaway is straightforward. Malware is becoming more portable, more modular and easier to obtain, meaning organizations can’t afford to focus on protecting just one operating system. As platforms like QuimaRAT become more widely available, cross-platform threats are likely to become increasingly common.
Related articles :
__Reports are sourced from official documents, law-enforcement updates, and credible investigations.
Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.__