Qarallax is a remote access trojan (RAT) and infostealer created using the open-source software LaZagne. The RAT allows threat actors to follow mouse movements and clicks, log keystrokes, record webcam and screen output, and obtain credentials stored on the system. It is available for purchase on a site accessed via the Tor network, and the malware developers are constantly evolving and upgrading Qarallax. The malicious file is a Java application that runs on operating systems with the Java Runtime Environment (JRE) installed, and it runs silently in the background without the user's knowledge. At the time of writing, the malware has been observed being distributed via spam emails, with most antivirus vendors not detecting the file as malicious.
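Because the page describes a Java application delivered as a spam attachment that most antivirus engines did not flag, one defensive check a mail gateway or triage script can apply is to identify executable Java archives by content rather than by file extension. The following is an added example written for this page, not code from the original text or from Certego; it assumes the usual JAR layout (a ZIP container with a META-INF/MANIFEST.MF declaring a Main-Class) and uses constructed sample attachments, including a JAR renamed with a document extension, to show that the check does not depend on the filename.

```python
import io
import zipfile


def is_executable_jar(data: bytes) -> bool:
    """Return True if `data` is a ZIP container that carries an executable
    Java archive, i.e. a META-INF/MANIFEST.MF declaring a Main-Class entry.
    Checks content only; the attachment's filename is deliberately ignored."""
    # A non-empty ZIP begins with the local file header signature "PK\x03\x04".
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "META-INF/MANIFEST.MF" not in zf.namelist():
                return False
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return False
    # Manifest attributes are "Name: value" lines; Main-Class marks a runnable JAR.
    return any(
        line.strip().lower().startswith("main-class:")
        for line in manifest.splitlines()
    )


def triage_attachments(attachments):
    """attachments: iterable of (filename, bytes). Returns the filenames that
    are executable JARs regardless of how they are named."""
    return [name for name, blob in attachments if is_executable_jar(blob)]


def _build_zip(entries):
    """Helper to construct sample ZIP/JAR blobs in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments (assumption: not real malware, just shapes).
SAMPLE_ATTACHMENTS = [
    ("invoice.pdf", b"%PDF-1.4 constructed placeholder"),
    ("Invoice_2023.jar", _build_zip({
        "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\nMain-Class: invoice.Loader\r\n",
        "invoice/Loader.class": b"\xca\xfe\xba\xbe",  # class-file magic only
    })),
    ("scan.zip", _build_zip({"scan.txt": b"plain archive, no manifest"})),
    # An executable JAR renamed to look like a document: still flagged.
    ("report.doc", _build_zip({
        "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\nMain-Class: a.B\r\n",
    })),
]

if __name__ == "__main__":
    for flagged in triage_attachments(SAMPLE_ATTACHMENTS):
        print("executable JAR attachment:", flagged)
```

In practice this check sits beside, not instead of, signature scanning: it only says whether an attachment can be launched by an installed JRE, which is the precondition the page describes, and policy on whether such attachments are quarantined is a separate decision.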

Technical Details

Certego provides additional technical details, including IoCs here.