Security News > 2022 > April > Qbot malware switches to new Windows Installer infection vector
The Qbot botnet is now pushing malware payloads via phishing emails with password-protected ZIP archive attachments containing malicious MSI Windows Installer packages.
This is the first time the Qbot operators are using this tactic, switching from their standard way of delivering the malware via phishing emails dropping Microsoft Office documents with malicious macros on targets' devices.
Security researchers suspect this move might be a direct reaction to Microsoft announcing plans to kill malware delivery via VBA Office macros in February after disabling Excel 4.0 macros by default in January.
Qbot is a modular Windows banking trojan with worm features used since at least 2007 to steal banking credentials, personal information, and financial data, as well as to drop backdoors on compromised computers and deploy Cobalt Strike beacons.
Although active for over a decade, the Qbot malware has been primarily used in highly targeted attacks against corporate entities since they provide a higher return on investment.
Since Qbot infections can lead to dangerous infections and highly disruptive attacks, IT admins and security professionals need to become familiar with this malware, the tactics it's using to spread throughout a network, and those used by the botnet operators to deliver it to new targets.
News URL
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)