New Trojan Downloader – Distributes Locky and Pony

A new Trojan downloader known by the name of Quant Loader surfaced on the cybercriminal forum scene. The malicious software was up for sale on September 1 2016. The infamous Locky ransomware and Pony malware both incorporated Quant Loader into their distribution.

Quant Loader Trojan Downloader – More Information

The Trojan was first reported by Forcepoint. Quant Loader was put for sale on Russian underground forums at the beginning of the month. The malicious software sends out emails that mask themselves as invoice documents.

An Example of the Loader’s Emails:

quant-loader-locky-trojan-pony-distribution-method-virus-bestsecuritysearch

The emails have an attached ZIP archive containing malicious Windows Script files. The Trojan can distribute infected .EXE and .DLL files.

Once the loader finds its way into the victim PC, it’ll add a file in the Windows “AppData” system folder. The infection process insures that the loader will have access to the Windows Registry keys. This means that the virus can start on Windows boot-up and can’t be removed without manual adjustments of the system’s permissions.

Quant Loader Trojan Downloader – More Details

Quant Loader was purchased by the developers of Locky and Pony within two weeks of its release. The software is promoted by a user known as “MrRaiX.” The user is known for distributing malicious software. He or she previously advertised a credential-stealing virus and a BitCoin wallet stealer.

According to Forcepoint:

The advertisement for the downloader makes claims that do not hold up to scrutiny, but we expect the malware to be improved in the future.

According to the security firm, Quant Loader is a typical Trojan distribution software. However, if the creators of Locky have picked it up, it must be doing something right. Or wrong, it depends on how you see it.

Tales From the Underground Forums

The underground forum community is where crooks gather and exchange or sell ideas and code to infect users. The forums are a dangerous place, even for criminals. Sometimes the infectious software they buy ends up infecting the crooks themselves. Hackers and cyber-scammers are always on the lookout for new ways to infect.

Quant Loader seems like a good fit for Locky. Last month, the ransomware virus started infecting with DLL files. Locky is one of the bigger ransomware viruses active right now. There’s a fun story related to the Locky virus. Back in August, a cybersecurity expert used the virus to infected a tech-support scamming organization with Locky. Of course, that’s an exception. Most victims of Locky are random, everyday people. Quant Loader is just another reason why people should be cautious while using the Internet.

Alex Dimchev

Author : Alex Dimchev

Alex Dimchev is a beat writer for Best Security Search. When he's not busy researching cyber-security matters, he enjoys sports and writing about himself in third person.


Related Posts