Want to sneak a RAT into Windows? Buy Quantum Builder on the dark web

A tool sold on the dark web that allows cybercriminals to build malicious shortcuts for delivering malware is being used in a campaign pushing a longtime .NET keylogger and remote access trojan (RAT) named Agent Tesla. The customizable tool, Quantum Builder (also known as Quantum LNK Builder), was seen for sale on …

  1. elDog

    Super. This "cmstp.exe" thing looks way too dangerous to have on users' systems

    Given that users are easily fooled into clicking on intriguing links.

    Now, it would be really great if this article would also suggest ways to protect systems (such as disabling cmstp) since we know that most of us are going to click on: https://sexy.bunny/love-me

    1. MachDiamond Silver badge

      Re: Super. This "cmstp.exe" thing looks way too dangerous to have on users' systems

      "since we know that most of us are going to click on: https://sexy.bunny/love-me"

      What I've been getting a bunch of lately are invoices or receipts for goods ordered that have a link disguised and labeled as a .pdf copy. All of them have been very poorly done, but I worry that somebody more sophisticated could send one of those to my mom masquerading as being from a local store she might shop at. I never have a receipt emailed to me as can be an option these days mainly because I don't hand shops my email address. Lots of people do, though. If my mom did that and then gets a phishing letter, she might click the link.

      Something that needs to be taught and taught and driven home by electroshock therapy is never to click links in an email. If a company sends a legitimate notice, you should not use their link but log into your account directly with a URL you know is correct. A problem I notice is that some companies make it impossible to find that notice if you don't use the link rather than it being on top if you log in.

      1. Terry 6 Silver badge

        Re: Super. This "cmstp.exe" thing looks way too dangerous to have on users' systems

        And we still get marketing emails from banks etc. with "Click here to view our wonderful latest offers" links.

        And even ".....to go to your account..." sometimes, though after several years of them receiving complaints from all and sundry that is now rare. But the damage has been done in terms of training customers to click links rather than to not click links.

  2. Terry 6 Silver badge
    Flame

    Windows by default hides the LNK extension,

    And this drives me nuts.

    Microsoft saving us (the public*) from seeing anything too much like a computer file, lest it confuses our poor little minds. So that we don't see "My virus download that will steal your life savings.txt.exe" as an executable.

    So fucking stupid it leaves me furious.

    *Us the tech aware make bloody sure we can see file types
