Security News > 2023 > April > New QBot email attacks use PDF and WSF combo to install malware
QBot malware is now distributed in phishing campaigns utilizing PDFs and Windows Script Files to infect Windows devices.
Qbot is a former banking trojan that evolved into malware that provides initial access to corporate networks for other threat actors.
Starting this month, security researcher ProxyLife and the Cryptolaemus group have been chronicling Qbot's use of a new email distribution method - PDF attachments that download Windows Script Files to install Qbot on victim's devices.
QBot is currently being distributed through reply-chain phishing emails, when threat actors use stolen email exchanges and then reply to them with links to malware or malicious attachments.
The WSF file used in the QBot malware distribution campaign is heavily obfuscated, with the ultimate goal of executing a PowerShell script on the computer.
QBot malware infections can lead to devastating attacks on corporate networks, making it vital to understand how the malware is being distributed.
News URL
Related news
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (source)