
QBot phishing abuses Windows Control Panel EXE to infect devices
2022-11-17 18:19

Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software.

If a threat actor creates a malicious DLL using the same name as one of the program's required DLLs and stores it in the same folder as the executable, the program would load that malicious DLL instead and infect the computer.
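A defender can hunt for the layout described above, a system program's executable sitting outside the system directory with DLLs beside it. The following Python sketch is an added example, not code from the original article; the watch list (`control.exe`, `calc.exe`), the trusted directory paths and the sample file names are assumptions made for illustration.

```python
import os
import tempfile

# Assumed watch list: file names of Windows programs that normally live in
# the system directory. Extend it for your environment.
WATCHED_EXES = {"control.exe", "calc.exe"}
# Assumed trusted locations, compared case-insensitively.
TRUSTED_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")


def is_trusted(folder):
    """True when the folder is one of the trusted system directories."""
    norm = folder.replace("/", "\\").rstrip("\\").lower()
    return any(norm == d or norm.startswith(d + "\\") for d in TRUSTED_DIRS)


def find_sideload_candidates(root):
    """Return (folder, exe, [dlls]) for each watched executable that sits
    outside the trusted directories with at least one DLL beside it."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        if is_trusted(os.path.abspath(folder)):
            continue
        lower = {name.lower(): name for name in files}
        dlls = sorted(n for low, n in lower.items() if low.endswith(".dll"))
        for exe in sorted(WATCHED_EXES & lower.keys()):
            if dlls:
                findings.append((folder, lower[exe], dlls))
    return findings


def build_sample_tree(base):
    """Create a constructed test layout with empty placeholder files."""
    layout = {
        "Downloads/invoice": ["control.exe", "example_a.dll", "readme.txt"],
        "Tools": ["calc.exe"],            # no DLL beside it: not reported
        "Docs": ["example_b.dll"],        # DLL but no watched executable
    }
    for sub, names in layout.items():
        path = os.path.join(base, *sub.split("/"))
        os.makedirs(path)
        for name in names:
            open(os.path.join(path, name), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, exe, dlls in find_sideload_candidates(tmp):
            print(f"{exe} in {os.path.relpath(folder, tmp)} with {dlls}")
```

A hit is a lead for triage rather than proof of compromise, since portable tools sometimes ship their own copies of executables and DLLs.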

In July, security researcher ProxyLife discovered that threat actors were exploiting a DLL hijacking vulnerability in the Windows 7 Calculator to install the QBot malware.

This week, ProxyLife told BleepingComputer that attackers have switched to using a DLL hijacking flaw in the Windows 10 Control Panel executable, control.

When a user attempts to open this fake folder, the shortcut launches the Windows 10 Control Panel executable, control.

Dll DLL infects the device with the QBot malware using the regsvr32.


News URL

https://www.bleepingcomputer.com/news/security/qbot-phishing-abuses-windows-control-panel-exe-to-infect-devices/