BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

New QuirkyLoader Malware Targets Users in Recent Email Attacks

QuirkyLoader Malware Loader Spreads in Global Email Attacks Using Advanced Evasion Techniques and QR Code Phishing

  • Researchers have identified a new Malware loader called QuirkyLoader being used in global email attacks since November 2024.
  • QuirkyLoader distributes different types of malware, including Agent Tesla, AsyncRAT, Formbook, Masslogger, Remcos RAT, Rhadamanthys Stealer, and Snake Keylogger.
  • The loader uses DLL side-loading and process hollowing techniques to inject malicious code into popular Windows processes.
  • Recent phishing trends include splitting or nesting QR codes in email attacks to evade detection and using phishing kits to capture credentials and two-factor codes.
  • Attackers are targeting both individuals and companies, specifically with focused campaigns in Taiwan and Mexico.

Cybersecurity experts have discovered a new malware loader called QuirkyLoader being used in email-based attacks across different countries since November 2024. These attacks spread malware to steal data or gain remote access on victims’ devices. Groups have used this tool to target employees of companies in Taiwan and randomly in Mexico.

- Advertisement -

According to IBM X-Force, QuirkyLoader delivers several types of harmful software, such as Agent Tesla, AsyncRAT, Formbook, Masslogger, Remcos RAT, Rhadamanthys Stealer, and Snake Keylogger. The attackers send emails through legitimate and self-hosted servers, using a malicious attachment that includes a DLL file, an encrypted payload, and a legitimate executable.

Security researcher Raymond Joseph Alfonso explained, “The actor uses DLL side-loading, a technique where launching the legitimate executable also loads the malicious DLL. This DLL, in turn, loads, decrypts, and injects the final payload into its target process.” The QuirkyLoader uses process hollowing, meaning it injects malware into running processes such as AddInProcess32.exe, InstallUtil.exe, or aspnet_wp.exe. IBM states that these techniques help the malware avoid detection by security tools.

IBM notes that most QuirkyLoader attacks are limited but have been active, with two campaigns in July 2025. One attack group focused on employees at Nusoft Taiwan, in New Taipei City, aiming to deliver Snake Keylogger—stealing sensitive info from browsers, keystrokes, and clipboard. The Mexico campaign was broader in targeting, delivering Remcos RAT and AsyncRAT.

Researchers also report new trends in phishing, including the use of split or nested QR codes in emails. These trends, highlighted by Barracuda researcher Rohit Suresh Kanase, help attackers bypass filters because QR codes are not easily checked by traditional defences and usually require users to scan them with mobile devices. As Kanase noted, “Malicious QR codes…can often bypass traditional security measures such as email filters and link scanners.”

- Advertisement -

Another development includes the PoisonSeed phishing kit, which collects both passwords and two-factor codes by sending victims to fake login pages that mimic platforms like Google, SendGrid, and Mailchimp. According to NVISO Labs, attackers use spear-phishing emails with malicious links to lure targets and validate their details in real time, showing convincing fake security challenges.

These findings highlight the ongoing changes in how attackers try to avoid detection and access sensitive information across the globe.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

China-linked hackers target Indian taxpayers via tax phishing

A suspected China-nexus cyber campaign named Operation DragonReturn is targeting Indian taxpayers and financial...

Alphabet Launches Two New AI Models, Eyes Stock Boost

Alphabet launches two new AI models, Nano Banana 2 Lite and Gemini Omni Flash,...

Nvidia’s Kyber AI rack delayed to 2028: report

NVIDIA's next-generation Kyber server rack, designed for Rubin Ultra chips, is delayed to 2028...

TrojPix Air-Gap Attack Uses Monitor Cables

Researchers at Shandong University have demonstrated a new covert data exfiltration technique called TrojPix.The...

Bitcoin Reclaims $63k as Crypto Market Sees July Reversal

Bitcoin (BTC) reclaimed $63,000 in early July 2026, signaling a market reversal after a...

Must Read

10 BEST Companies to Buy Hosting With Bitcoin And Crypto

If you are looking to buy hosting with bitcoin or cryptocurrency then you've come to the right place.I've done the research for you...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading