Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,318
Researchers are warning of a new email phishing campaign that downloads and launches the Quant Loader trojan, capable of distributing ransomware and stealing passwords.

Barracuda on Tuesday said it has been tracking emails containing zipped Microsoft internet shortcut files with a “.url” file extension sent to millions of inboxes via a phishing campaign over the past month. If files are executed a script is downloaded and then drops the Quant Loader malware onto the targeted system.

“This is a more sophisticated approach than usual… it might be a way to prepare for a later attack,” said Fleming Shi, SVP of Advanced Technology Engineering at Barracuda in an interview with Threatpost.

Shi said victims are tricked into clicking unfamiliar file extensions in emails, which look like billing documents. Emails have a file name pattern, with some having no text content and simply a subject line.

“These shortcut files use a variation on the CVE-2016-3353 proof-of-concept, containing links to JavaScript files (and more recently Windows Script Files). However, in this instance the URL was prefixed with ‘file://’ rather than ‘http://’ which fetches them (scripts) over Samba rather than through a web browser,” wrote researchers in a technical blog outlining the research.
..........
..........
..........
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top