Forcepoint has come across a new trojan downloader called Quant Loader that has already been spotted distributing Locky Zepto crypto-ransomware and Pony malware.

Forcepoint noted in a blog that Quant Loader was first spotted on sale on several Russian marketplaces on September 1 and less than two weeks later was being used as part of an email campaign. The research firm called Quant Loader a “very basic trojan downloader” most likely developed by the Russian cybercrime gang known as C++ GURU" aka "CPPGURU”. The primary piece of evidence put forth connecting this gang to Quant Loader is that these bad guys also developed DDoS Madness System which shares quite a bit of code and behaves in a similar manner to Quant Loader.

“This discredits the claim of Quant Loader being "developed from scratch" as their advert states. In fact the code base is so similar that many anti-viruses already detect Quant Loader as "Pliskal" or "Crugup,” Forcepoint said.