Want to sneak a RAT into Windows? Buy Quantum Builder on the dark web (Security News, September 2022)
Quantum Builder lets attackers create malicious Microsoft Windows LNK shortcuts.
Quantum Builder has been linked to the advanced persistent threat gang Lazarus Group, based on shared tactics, techniques and procedures and overlaps in source code, but the researchers cannot attribute the current campaign to Lazarus or to any other particular threat group with any confidence.
Quantum Builder also offers detection-evasion and camouflage techniques, including the use of living-off-the-land binaries (LOLBins), which are legitimate Microsoft tools.
Windows by default hides the LNK extension, so if a file has a .lnk extension, only the file name and.
"In this specific case, it runs an HTML application file hosted on Quantum's website using a legitimate Windows utility that's used to run HTA files, MSHTA."
Quantum Builder has been used by threat groups in a number of campaigns to deliver a range of malware families, including RedLine Stealer, IcedID, GuLoader, Remcos RAT and AsyncRAT. "Threat actors are continuously evolving their tactics and making use of malware builders sold on the cybercrime marketplace," they wrote.
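As an added, defender-side example (not the article's or the researchers' code): a Python triage script that reads the StringData fields of a .lnk file following the MS-SHLLINK layout and flags the three patterns described above: a document-looking name whose .lnk extension Explorer hides, a living-off-the-land binary such as mshta.exe as the shortcut target, and an HTA file or URL in the arguments. The LOLBin and document-extension watchlists and the minimal shortcut fixture are assumptions constructed for this example.

```python
"""Parse a .lnk (ShellLink) file's StringData and flag the shortcut-abuse patterns the article describes."""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-0000-0000-C000-000000000046
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location"))   # fixed StringData order per MS-SHLLINK
LOLBINS = ("mshta", "powershell", "cmd.exe", "wscript", "cscript", "rundll32", "regsvr32")  # assumed watchlist
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg")  # assumed "looks like a document" list

def _read_string(data: bytes, pos: int, unicode: bool) -> tuple[str, int]:  # uint16 count + chars, no NUL
    count = struct.unpack_from("<H", data, pos)[0]
    width = 2 if unicode else 1
    raw = data[pos + 2:pos + 2 + count * width]
    return raw.decode("utf-16-le" if unicode else "cp1252"), pos + 2 + count * width

def parse_lnk(data: bytes) -> dict:
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a ShellLink file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                          # end of the fixed-size ShellLinkHeader
    if flags & HAS_IDLIST:                            # skip LinkTargetIDList: uint16 size + items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                          # skip LinkInfo: uint32 size that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {name: "" for _, name in STRING_FIELDS}
    for bit, name in STRING_FIELDS:
        if flags & bit:
            fields[name], pos = _read_string(data, pos, bool(flags & IS_UNICODE))
    return fields

def triage(filename: str, data: bytes) -> list[str]:
    """Return findings for one shortcut; an empty list means nothing matched."""
    findings = []
    shown = filename[:-4] if filename.lower().endswith(".lnk") else filename
    if shown.lower().endswith(DOC_EXTS):              # Explorer hides .lnk, so the user sees 'invoice.pdf'
        findings.append(f"double extension: displays as '{shown}' with .lnk hidden")
    s = parse_lnk(data)
    cmd = f"{s['relative_path']} {s['arguments']}".lower()
    findings += [f"LOLBin in shortcut target: {b}" for b in LOLBINS if b in cmd]
    if ".hta" in s["arguments"].lower() or "http" in s["arguments"].lower():
        findings.append("remote/HTA payload in shortcut arguments")
    return findings

def build_fixture(relative_path: str, arguments: str) -> bytes:
    """Constructed test input only: a minimal unicode ShellLink carrying just RelativePath and Arguments."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x08 | 0x20 | IS_UNICODE).ljust(76, b"\0")
    enc = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + enc(relative_path) + enc(arguments)
```

Real-world shortcuts usually also carry a LinkTargetIDList and LinkInfo block, which `parse_lnk` skips using their size fields before reading the strings.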
News URL
https://go.theregister.com/feed/www.theregister.com/2022/09/28/quantum_builder_agent_tesla_rat/