According to Trend Micro, this is a Node.js based malware, that can download/upload/execute files, steal credentials from Chrome/Firefox browsers, and perform file management, among other things. It targets Windows and has components for both 32 and 64bit.
|2020-11-19 ⋅ Telsy ⋅ |
QNodeService stepped up its features while operated in widespread credential-theft campaigns
|2020-05-14 ⋅ Trend Micro ⋅ |
QNodeService: Node.js Trojan Spread via Covid-19 Lure
There is no Yara-Signature yet.