Security News > 2022 > June > Qbot malware now uses Windows MSDT zero-day in phishing attacks
A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware.
As Proofpoint security researchers shared today, the TA570 Qbot affiliate has now begun using malicious Microsoft Office.
Docx document will reach out to an external server to load an HTML file that exploits the Follina flaw to run PowerShell code which downloads and executes a different Qbot DLL payload. A collection of indicators of compromise linked to this campaign by malware analyst ExecuteMalware can be found here.
Qbot is a modular Windows banking trojan with worming capabilities for infecting more devices on compromised networks via network share exploits and highly aggressive brute-force attacks against Active Directory admin accounts.
Microsoft has published a report in December 2021 regarding the versatility of Qbot attacks that makes it harder to accurately evaluate the scope of its infections.
The DFIR Report also recently shed light on Qbot light-speed attacks where the malware is able to steal sensitive user data within roughly 30 minutes after the initial infection.
News URL
Related news
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Windows Kernel bug fixed last month exploited as zero-day since August (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (source)
- MiTM phishing attack can let attackers unlock and steal a Tesla (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)