Security News > 2023 > April > New QBot email attacks use PDF and WSF combo to install malware
QBot malware is now distributed in phishing campaigns utilizing PDFs and Windows Script Files to infect Windows devices.
Qbot is a former banking trojan that evolved into malware that provides initial access to corporate networks for other threat actors.
Starting this month, security researcher ProxyLife and the Cryptolaemus group have been chronicling Qbot's use of a new email distribution method - PDF attachments that download Windows Script Files to install Qbot on victim's devices.
QBot is currently being distributed through reply-chain phishing emails, when threat actors use stolen email exchanges and then reply to them with links to malware or malicious attachments.
The WSF file used in the QBot malware distribution campaign is heavily obfuscated, with the ultimate goal of executing a PowerShell script on the computer.
QBot malware infections can lead to devastating attacks on corporate networks, making it vital to understand how the malware is being distributed.
News URL
Related news
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Israeli orgs targeted with wiper malware via ESET-branded emails (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)