Security News > 2022 > April > Qbot malware switches to new Windows Installer infection vector
The Qbot botnet is now pushing malware payloads via phishing emails with password-protected ZIP archive attachments containing malicious MSI Windows Installer packages.
This is the first time the Qbot operators are using this tactic, switching from their standard way of delivering the malware via phishing emails dropping Microsoft Office documents with malicious macros on targets' devices.
Security researchers suspect this move might be a direct reaction to Microsoft announcing plans to kill malware delivery via VBA Office macros in February after disabling Excel 4.0 macros by default in January.
Qbot is a modular Windows banking trojan with worm features used since at least 2007 to steal banking credentials, personal information, and financial data, as well as to drop backdoors on compromised computers and deploy Cobalt Strike beacons.
Although active for over a decade, the Qbot malware has been primarily used in highly targeted attacks against corporate entities since they provide a higher return on investment.
Since Qbot infections can lead to dangerous infections and highly disruptive attacks, IT admins and security professionals need to become familiar with this malware, the tactics it's using to spread throughout a network, and those used by the botnet operators to deliver it to new targets.
News URL
Related news
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)
- Beware: These Fake Antivirus Sites Spreading Android and Windows Malware (source)
- New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems (source)
- Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS (source)