HOMETHREATSQNodeService
APT / THREAT GROUP

QNodeService

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

According to Trend Micro, this is a Node.js based malware, that can download/upload/execute files, steal credentials from Chrome/Firefox browsers, and perform file management, among other things. It targets Windows and has components for both 32 and 64bit.

Threat Analysis

QNodeService is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

js.qnodeserviceQNodeService

External Intelligence

Malpedia: js.qnodeservice

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.