Quant Loader Trojan downloader spotted in the wild

News by Doug Olenick

Forcepoint has come across a new Trojan downloader called Quant Loader that has already been spotted distributing Locky Zepto crypto-ransomware and Pony malware.

Forcepoint noted in a blog that Quant Loader was first spotted on sale on several Russian marketplaces on 1 September and less than two weeks later was being used as part of an email campaign. The research firm called Quant Loader a “very basic Trojan downloader” most likely developed by the Russian cyber-crime gang known as "C++ GURU" aka "CPPGURU". The primary piece of evidence put forth connecting this gang to Quant Loader is that these bad guys also developed DDoS Madness System, which shares quite a bit of code and behaves in a similar manner to Quant Loader.

“This discredits the claim of Quant Loader being "developed from scratch" as their advert states. In fact the code base is so similar that many anti-viruses already detect Quant Loader as "Pliskal" or "Crugup",” Forcepoint said.
