It goes away and it comes back… Now 14 years old, the Qbot malware specializes in collecting banking data or installing ransomware. It is hitting Windows again through a phishing attack that bypasses the protections of Windows 10 and 11.
The Trojan horse Qbot is once again in the news after a period of calm. The malware, which dates from 2008, spreads via phishing campaigns, and its objective is to collect users' banking information. It has evolved to bring in other malware, such as Brute Ratel or Cobalt Strike, or to implant ransomware in companies with Egregor, Prolock or, recently, Black Basta.
Futura mentioned its return at the end of last July. For that attack, QBot hid in a copy of the Windows 7 calculator that passed itself off as the one from later versions.
While it is neutralized each time a phishing campaign carrying it is detected, this time Qbot managed to sneak through via a zero-day flaw in Windows. The new vulnerability exploited by Qbot was detected by an analyst at the company Analygence, after a phishing attack with the Magniber ransomware was identified by HP Threat Intelligence.
A fake signature to trick Windows
At this stage, from the moment the victim tries to open the file, an alert message should be displayed thanks to a security mechanism introduced with Windows 10. This mechanism makes it possible to block the execution of files coming from an unidentified external source, which is the case here. However, it does not work, because the injection of QBot takes place without the slightest warning.
To correct the situation, Microsoft released security updates as part of its major November 2022 update. The breach is thus closed, until the hackers find another trick to bring QBot back.