QuirkyLoader Malware Distributes Multiple Payloads via Email Spam Campaigns
Summary
A new malware loader called QuirkyLoader has been distributing various payloads, including Agent Tesla, AsyncRAT, and Snake Keylogger, via email spam campaigns since November 2024. The loader uses DLL side-loading and process hollowing to deliver malware into target processes. Two campaigns were observed in July 2025, targeting Taiwan and Mexico. The Taiwan campaign specifically targeted Nusoft Taiwan employees with Snake Keylogger, while the Mexico campaign delivered Remcos RAT and AsyncRAT. The loader is written in .NET languages with ahead-of-time (AOT) compilation, making it appear as though it were written in C or C++.
Timeline
- 21.08.2025 13:41 (1 article)
QuirkyLoader Malware Loader Distributes Multiple Payloads via Email Spam Campaigns
- Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger - thehackernews.com - 21.08.2025 13:41
Information Snippets
- QuirkyLoader has been active since November 2024, delivering multiple malware payloads via email spam campaigns.
  First reported: 21.08.2025 13:41 (1 source, 1 article)
  - Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger - thehackernews.com - 21.08.2025 13:41
- The loader uses DLL side-loading and process hollowing to inject malware into target processes.
  First reported: 21.08.2025 13:41 (1 source, 1 article)
  - Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger - thehackernews.com - 21.08.2025 13:41
- Targeted processes include AddInProcess32.exe, InstallUtil.exe, and aspnet_wp.exe.
  First reported: 21.08.2025 13:41 (1 source, 1 article)
  - Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger - thehackernews.com - 21.08.2025 13:41
- Two campaigns were observed in July 2025, targeting Taiwan and Mexico.
  First reported: 21.08.2025 13:41 (1 source, 1 article)
  - Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger - thehackernews.com - 21.08.2025 13:41
- The Taiwan campaign targeted Nusoft Taiwan employees with Snake Keylogger.
  First reported: 21.08.2025 13:41 (1 source, 1 article)
  - Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger - thehackernews.com - 21.08.2025 13:41
- The Mexico campaign delivered Remcos RAT and AsyncRAT.
  First reported: 21.08.2025 13:41 (1 source, 1 article)
  - Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger - thehackernews.com - 21.08.2025 13:41
- QuirkyLoader is written in .NET languages with ahead-of-time (AOT) compilation.
  First reported: 21.08.2025 13:41 (1 source, 1 article)
  - Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger - thehackernews.com - 21.08.2025 13:41