QuasarRAT is the most famous open source RAT project among many. Since xRAT (the predecessor of Quasar RAT) was released in 2014, many attackers have deployed this RAT in many attack campaigns. Particularly, they take advantage of the open source attack tool which enables conducting attacks in a generic way in order to avoid being attributed. This trend is commonly seen in recent years, and open source tools including QuasarRAT have been used in many cases.
Our investigation has identified many RAT projects related to QuasarRAT. In these projects, QuasarRAT has been upgraded with new functions or transformed into an entirely new type of malware. The Quasar family malware has been used in many attack cases. It is important to understand the details of the Quasar RAT and its family, particularly how each project develops from the QuasarRAT and is being used for new types of attacks.