APT / THREAT GROUP
QNodeService
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
According to Trend Micro, this is a Node.js based malware, that can download/upload/execute files, steal credentials from Chrome/Firefox browsers, and perform file management, among other things. It targets Windows and has components for both 32 and 64bit.
Threat Analysis
QNodeService is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
js.qnodeserviceQNodeService
External Intelligence
Malpedia: js.qnodeserviceResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.