Researchers have discovered a new email phishing campaign that spreads the Quant Loader trojan, which is capable of distributing ransomware and stealing passwords.
The malicious emails delivered zipped Microsoft Internet Shortcut files with a “.url” file extension to millions of inboxes over the past month.
Once a shortcut is opened, a script that drops the Quant Loader malware is downloaded onto the victim’s device.
Attackers use this approach to prepare the ground for a later attack.
To stay safe you must implement a viable and robust cybersecurity solution. For an individual, this comes in the form of antivirus for Windows or antivirus for Mac, depending on which OS the device runs. For companies, that step is only the first layer of cybersecurity; to obtain the best protection, every company should hire a cybersecurity firm that will deliberately attack the company’s network to reveal the most destructive and dangerous flaws.
Cybercriminals use billing documents as the lure to trick victims into opening attachments with unfamiliar file extensions. Every email carries a shortcut whose file name follows a fixed pattern and which uses a variation of CVE-2016-3353. In this instance, the shortcut’s target URL is prefixed with ‘file://’ rather than ‘http://’, so Windows fetches the script over Samba (SMB file sharing) rather than through a web browser. Samba is a popular standard for providing Windows-based file and print services.
The vulnerability CVE-2016-3353 affects Microsoft Internet Explorer 9 through 11 and is rated by the National Vulnerability Database as high severity. It consists of mishandling .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file; it is also known as the ‘Internet Explorer Security Feature Bypass’.
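As an added illustration (not code from the original article or from the researchers), the following Python inspects a zipped email attachment for Internet Shortcut (.url) files whose target uses the file:// scheme or a bare UNC path, which Windows resolves over SMB rather than HTTP as described above. The attachment contents and the 203.0.113.10 host are constructed sample data.

```python
import configparser
import io
import zipfile
from urllib.parse import urlparse

# Constructed sample attachments (not from the real campaign): one ordinary web
# shortcut and one whose target is a file:// URL with a remote host, which Windows
# treats as a UNC path and fetches over SMB instead of HTTP.
SAMPLE_FILES = {
    "benign.url": "[InternetShortcut]\r\nURL=https://www.example.com/invoice\r\n",
    "Invoice_0311.url": "[InternetShortcut]\r\nURL=file://203.0.113.10/share/invoice.js\r\n",
}

def parse_internet_shortcut(data: bytes):
    # A .url file is INI-style: the target lives under [InternetShortcut] as URL=
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(data.decode("utf-8-sig", errors="replace"))
    return cp.get("InternetShortcut", "URL", fallback=None)

def classify_target(url: str) -> str:
    # Classify a shortcut target by the transport Windows would use to fetch it.
    if url.startswith("\\\\"):
        return "remote-file-fetch"          # bare UNC path, fetched over SMB
    parsed = urlparse(url)
    if parsed.scheme == "file" and (parsed.netloc or parsed.path.startswith("//")):
        return "remote-file-fetch"          # file://host/share/..., also SMB
    if parsed.scheme in ("http", "https"):
        return "web"
    return "other"

def scan_zip_attachment(zip_bytes: bytes):
    # Return one (file name, verdict, target) tuple per .url member of the archive.
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".url"):
                continue
            target = parse_internet_shortcut(zf.read(info))
            verdict = classify_target(target) if target else "unparseable"
            findings.append((info.filename, verdict, target))
    return findings

def build_sample_zip() -> bytes:
    # Assemble the constructed attachment in memory so the scan runs offline.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in SAMPLE_FILES.items():
            zf.writestr(name, text)
    return buf.getvalue()
```

A mail gateway rule built on the same check would quarantine any archive containing a .url member with a "remote-file-fetch" verdict, since a legitimate web shortcut has no reason to point at an SMB share on the Internet.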
The Quant Loader trojan can be bought on various underground forums. After purchase, each buyer can configure the payload(s) to be delivered upon infection via a management panel.
Quant Loader has been available for purchase on various underground forums since 2016.
In the past, the downloader has been used to distribute the Locky Zepto crypto-ransomware and Pony malware family.
It also offers capabilities such as privilege escalation, an administrative control panel, and support for downloading both EXEs and DLLs.
The same trojan has been used in a series of smaller attacks over the past month. The best defense is a good offense: this kind of cyber attack can be repelled by consistently practicing good cybersecurity habits.
We recommend implementing a robust cybersecurity solution on your devices, such as antivirus for Windows or antivirus for Mac, depending on which OS your machines run.
It is also recommended that every company hire specialized cybersecurity firms to perform tests such as penetration tests and other ethical hacking assessments to reveal flaws in the audited company’s network.
For companies that operate 100% online, we recommend using secure web hosting services.