Want to sneak a RAT into Windows? Buy Quantum Builder on the dark web (Security News, September 2022)
Quantum Builder lets attackers create malicious Microsoft Windows LNK shortcuts.
Quantum Builder has been linked to the advanced persistent threat gang Lazarus Group, based on shared tactics, techniques, and procedures and on overlaps in source code, but the researchers cannot attribute the current campaign to Lazarus or any particular threat group with any confidence.
Quantum Builder also uses other detection-evasion and camouflage techniques, including living-off-the-land binaries, which are legitimate Microsoft tools abused for malicious ends.
Windows by default hides the LNK extension, so if a file has a .lnk extension, only the file name and.
"In this specific case, it runs an HTML application file hosted on Quantum's website using a legitimate Windows utility that's used to run HTA files, MSHTA."
Quantum Builder has been used by threat groups in a number of campaigns to deliver a range of malware families, including RedLine Stealer, IcedID, GuLoader, Remcos RAT, and AsyncRAT. "Threat actors are continuously evolving their tactics and making use of malware builders sold on the cybercrime marketplace," they wrote.
News URL: https://go.theregister.com/feed/www.theregister.com/2022/09/28/quantum_builder_agent_tesla_rat/