New QBot email attacks use PDF and WSF combo to install malware

QBot malware is now distributed in phishing campaigns utilizing PDFs and Windows Script Files to infect Windows devices.
QBot is a former banking trojan that evolved into malware that provides initial access to corporate networks for other threat actors.
Starting this month, security researcher ProxyLife and the Cryptolaemus group have been chronicling QBot's use of a new email distribution method: PDF attachments that download Windows Script Files (WSF) to install QBot on victims' devices.
QBot is currently being distributed through reply-chain phishing emails, in which threat actors use stolen email exchanges and reply to them with links to malware or malicious attachments.
The WSF file used in the QBot malware distribution campaign is heavily obfuscated, with the ultimate goal of executing a PowerShell script on the computer.
QBot malware infections can lead to devastating attacks on corporate networks, making it vital to understand how the malware is being distributed.
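A defender-side check for the chain described above (a Windows script host running a .wsf file that then starts PowerShell), as an added example that is not from the article or the researchers it cites. It assumes Sysmon-style process-creation fields (Image, ParentImage, CommandLine, ParentCommandLine); every sample event, host name and path is constructed.

```python
import ntpath
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# A quoted or unquoted command-line token that ends in .wsf (case-insensitive).
WSF_TOKEN = re.compile(r'"([^"]+\.wsf)"|(\S+\.wsf)(?=\s|$)', re.IGNORECASE)


def wsf_script(command_line):
    """Return the .wsf path named on a script-host command line, or None."""
    m = WSF_TOKEN.search(command_line or "")
    return (m.group(1) or m.group(2)) if m else None


def find_wsf_to_powershell(events):
    """Return one alert per PowerShell process whose parent is a script host running a .wsf."""
    alerts = []
    for ev in events:
        child = ntpath.basename(ev.get("Image", "")).lower()
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        if child not in POWERSHELL or parent not in SCRIPT_HOSTS:
            continue
        script = wsf_script(ev.get("ParentCommandLine", ""))
        if script:
            alerts.append({"host": ev.get("Computer"), "script": script,
                           "powershell_cmd": ev.get("CommandLine", "")})
    return alerts


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events (not taken from the campaign).
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "Image": PS, "CommandLine": r"powershell.exe -File C:\Temp\example.ps1",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "ParentCommandLine": r'"C:\Windows\System32\WScript.exe" "C:\Users\alice\Downloads\Invoice 42.WSF"'},
    {"Computer": "WS-02", "Image": PS, "CommandLine": "powershell.exe Get-Date",
     "ParentImage": r"C:\Windows\System32\cscript.exe",
     "ParentCommandLine": r"cscript.exe C:\Temp\doc.wsf //B"},
    {"Computer": "WS-03", "Image": PS, "CommandLine": "powershell.exe Get-Date",   # .vbs, not .wsf
     "ParentImage": r"C:\Windows\System32\cscript.exe",
     "ParentCommandLine": r"cscript.exe C:\Scripts\inventory.vbs"},
    {"Computer": "WS-04", "Image": PS, "CommandLine": "powershell.exe",           # interactive use
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for alert in find_wsf_to_powershell(SAMPLE_EVENTS):
        print(alert)
```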