Technical analysis by the Malware Hunter JAMESWT
A false purchase order from a real company is being used to deliver Guloader. The email attachment contains an exe file, the malware itself, which downloads further payloads. At the moment, however, it is not known what they are.
A false purchase order (Request for Quotation, RFQ) from a real company is the latest lure cybercriminals are using to deliver Guloader. The email's compressed attachment, in GZ format, contains an executable file: the malware itself.
Guloader has in the past been used to deliver different types of information stealers and remote access trojans, such as Agent Tesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT. At the moment, however, it has not been possible to determine what the next-stage payload is.
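The lure described above relies on a GZ-compressed mail attachment that unpacks to a Windows executable. The following is an added example, not code from the original article or from JAMESWT's analysis: a mail-gateway style check that decompresses a gzip attachment with a size bound and tests whether the content is a PE file (MZ stub pointing at a "PE\0\0" signature). The sample attachment is constructed in memory and is not real malware.

```python
import gzip
import io
import struct
from dataclasses import dataclass

GZIP_MAGIC = b"\x1f\x8b"
PE_SIGNATURE = b"PE\x00\x00"


def build_fake_pe() -> bytes:
    """Constructed sample: a minimal MZ/PE header layout, not an executable program."""
    dos_header = bytearray(b"MZ" + b"\x00" * 58)      # 60 bytes of DOS header
    dos_header += struct.pack("<I", 0x40)              # e_lfanew at offset 0x3C -> 0x40
    return bytes(dos_header) + PE_SIGNATURE + b"\x00" * 20


# Constructed attachments mimicking the GZ lure and a benign compressed text file.
SAMPLE_GZ_WITH_EXE = gzip.compress(build_fake_pe())
SAMPLE_GZ_BENIGN = gzip.compress(b"Request for quotation, see attached prices.\n")


@dataclass
class AttachmentVerdict:
    is_gzip: bool
    contains_pe: bool
    inner_size: int  # bytes actually decompressed (bounded)


def looks_like_pe(blob: bytes) -> bool:
    """True if blob starts with an MZ header whose e_lfanew points at a PE signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    # Out-of-range e_lfanew yields an empty slice and therefore False.
    return blob[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def inspect_attachment(data: bytes, max_inner: int = 50 * 1024 * 1024) -> AttachmentVerdict:
    """Flag gzip attachments whose decompressed content is a Windows executable.

    Decompression is bounded to max_inner bytes so a crafted archive cannot
    exhaust memory on the scanning host (the PE check only needs the header).
    """
    if not data.startswith(GZIP_MAGIC):
        return AttachmentVerdict(is_gzip=False, contains_pe=False, inner_size=0)
    with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
        inner = gz.read(max_inner)
    return AttachmentVerdict(is_gzip=True, contains_pe=looks_like_pe(inner), inner_size=len(inner))
```

A gateway policy would quarantine any message where `inspect_attachment(...).contains_pe` is true, regardless of the attachment's declared file name.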