Qbot malware switches to new Windows Installer infection vector

Forum|Forum|3 years ago
April 11, 2022
1 reply
11 views

+54

Jasper_The_Rasper
Moderator

April 11, 2022 By Sergiu Gatlan

Qbot

The Qbot botnet is now pushing malware payloads via phishing emails with password-protected ZIP archive attachments containing malicious MSI Windows Installer packages.

This is the first time the Qbot operators are using this tactic, switching from their standard way of delivering the malware via phishing emails dropping Microsoft Office documents with malicious macros on targets' devices.

Security researchers suspect this move might be a direct reaction to Microsoft announcing plans to kill malware delivery via VBA Office macros in February after disabling Excel 4.0 (XLM) macros by default in January.

>> Full Article <<

+25

MajorHavoc
Bronze VIP
Forum|Forum|3 years ago
April 11, 2022

Well, my Mac is safe from that. But then again, I never open a zip file I do not know why I have it or where it came from, and even them, sometimes inside a sand box. Just think of all the good these people could do if they put their talent to use on something positive.

- Owen Rubin,  Apple Expert. Worked in Vision Pro team and early Mac HW and OS engineer at Apple. Machines: 2017 iMac Pro 27" 5K 3GHz 10-Core Xenon Sonoma 14.x. 2023 14" MacBookPro M2 Max Ventura 13.x, 2018 16" MacBookPro Ventura 13.x, and a dozen or so older machines for testing. iPhone 14 Pro, iPhone 13 Pro, iPhone 6.

Like

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded