Cybersecurity researchers have uncovered QuirkyLoader, a malware loader used since November 2024 to deliver various malicious payloads via email spam campaigns. The campaigns have targeted organizations in Taiwan and Mexico using sophisticated techniques like DLL side-loading and process hollowing. #QuirkyLoader #DLLSideLoading
Key points
- QuirkyLoader is a new malware loader used to distribute a range of malicious payloads via email campaigns.
- The loader employs DLL side-loading and process hollowing techniques to deliver malware such as Agent Tesla and Remcos RAT.
- Recent campaigns targeted Taiwan's Nusoft employees with Snake Keylogger and infected victims in Mexico with AsyncRAT and Remcos RAT.
- Threat actors write DLL loaders in .NET languages and use ahead-of-time compilation to evade detection.
- Attackers are increasingly using QR code phishing methods (quishing) and sophisticated credential-stealing kits like PoisonSeed.
Read More: https://thehackernews.com/2025/08/hackers-using-new-quirkyloader-malware.html