Threat actors have been using the novel QuirkyLoader malware loader to spread multiple information-stealing payloads and remote access trojans in email spam campaigns since November, according to The Hacker News.
Malicious emails distributed using legitimate email service providers and a self-hosted email server feature a nefarious archive with an executable loading the DLL, which then injects the encrypted QuirkyLoader payload via process hollowing, a report from IBM X-Force researchers showed. Taiwanese network and internet security research firm Nusoft has been targeted with one of the campaigns involving QuirkyLoader, which delivered the Snake Keylogger, while another campaign aimed at Mexico resulted in the deployment of the AsyncRAT and RemcosRAT payloads. Other malware families spread by the loader include Agent Tesla, Masslogger, Formbook, and Rhadamanthys stealer. Such findings follow separate reports detailing threat actors' usage of novel QR code phishing tactics, as well as the emergence of a PoisonSeed phishing kit enabling stealthy credentials compromise.
Malicious emails distributed using legitimate email service providers and a self-hosted email server feature a nefarious archive with an executable loading the DLL, which then injects the encrypted QuirkyLoader payload via process hollowing, a report from IBM X-Force researchers showed. Taiwanese network and internet security research firm Nusoft has been targeted with one of the campaigns involving QuirkyLoader, which delivered the Snake Keylogger, while another campaign aimed at Mexico resulted in the deployment of the AsyncRAT and RemcosRAT payloads. Other malware families spread by the loader include Agent Tesla, Masslogger, Formbook, and Rhadamanthys stealer. Such findings follow separate reports detailing threat actors' usage of novel QR code phishing tactics, as well as the emergence of a PoisonSeed phishing kit enabling stealthy credentials compromise.
