Security News > 2023 > April > New QBot email attacks use PDF and WSF combo to install malware
QBot malware is now distributed in phishing campaigns utilizing PDFs and Windows Script Files to infect Windows devices.
Qbot is a former banking trojan that evolved into malware that provides initial access to corporate networks for other threat actors.
Starting this month, security researcher ProxyLife and the Cryptolaemus group have been chronicling Qbot's use of a new email distribution method - PDF attachments that download Windows Script Files to install Qbot on victim's devices.
QBot is currently being distributed through reply-chain phishing emails, when threat actors use stolen email exchanges and then reply to them with links to malware or malicious attachments.
The WSF file used in the QBot malware distribution campaign is heavily obfuscated, with the ultimate goal of executing a PowerShell script on the computer.
QBot malware infections can lead to devastating attacks on corporate networks, making it vital to understand how the malware is being distributed.
News URL
Related news
- Email attacks skyrocket 293% (source)
- Microsoft: Exchange Online mistakenly tags emails as malware (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack (source)
- Security measures fail to keep up with rising email attacks (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users (source)