QuantLoader

QuantLoader is a Trojan downloader that may install a variety of different threats on your computer without requiring your consent or awareness. This Trojan is likely of dropping spyware-related threats like FormBook that may collect information from your computer. Many aspects of this program are stealth-related, and users should depend on their automated anti-malware protection for finding or removing QuantLoader.

Helping Spyware to Go Quantum

The RIG Exploit Kit is forming the basis of even more campaigns for infecting apparently random PCs with new, data-exfiltrating threats. One of the middlemen functionaries in this infection strategy, QuantLoader, is relatively new although its attacks employ orthodox downloading exploits. Since QuantLoader operates as a background process, any users without passive security features may not notice its attacks at all.

The infection process begins with the Web-surfer exposing themselves to compromised advertising networks, which include transparent, iFrame elements that load one of several, unsafe domains. The domains load the Rig Exploit Kit, which uses any of several, compatible vulnerabilities for installing QuantLoader. As usual, malware experts find QuantLoader concealing itself with the use of the Windows 'Svchost' process.

QuantLoader features generic, file-downloading and executing features, through which a threat actor may use it to install other threats. Right now, QuantLoader's payload delivers FormBook: a spyware suite with keylogging, browser session extraction, clipboard monitoring, and a Keylogger ZeuS-based module that targets financial Web activity for Paypal, eBay, Amazon and similar sites. The overall result of QuantLoader's current payload is the immediate loss of informational privacy and security, in particular, related to the user's financial transactions.

Unloading the Trojan Gifts that You Didn't Want

Although QuantLoader is a dedicated Trojan downloader, its threat actors also may use its admin panel for modifying its behavior from the results noted above. Malware experts can recommend checking for minor symptoms, such as changes to your Windows Firewall policy, and monitoring your network traffic for any unusual activity. However, both this Trojan's installation strategy and its running technique emphasize a bare minimum of signaling the user via any visible changes.

Any other characteristics of QuantLoader infections may vary with the type of additional threats that its admins choose to install with it. Always-on, passive anti-malware security features should detect this threat's activities and remove QuantLoader before it drops anything else. Although the rates of detection are, overall, positive among the AV industry, malware experts recommend updating all security software for increasing those chances as much as possible.

The increased Web traffic of the holidays also means more advertisements, which means more opportunities for the RIG Exploit Kit and related threats to load themselves. Rather than taking a risk with elastic consequences, like a QuantLoader infection, users should be conservative with their Web-browsing safety settings.

Technical Details