• This powerful email malware attack uses PDF and WSF files to brea

    From TechnologyDaily@1337:1/100 to All on Tue Apr 18 19:15:03 2023
    This powerful email malware attack uses PDF and WSF files to break your defenses

    Date:
    Tue, 18 Apr 2023 18:10:23 +0000

    Description:
    A PDF is used to infect victims with Qbot, which is often used to deliver ransomware.

    FULL STORY ======================================================================

    Cybersecurity researchers have discovered a new hacking campaign that distributes the dreaded Qbot malware.

    Qbot is used by some of the world's biggest ransomware operators, such as BlackBasta, REvil, Egregor, and others.

    According to researchers ProxyLife and Cryptolaemus, cybercriminals are using hijacked email accounts to spread the malware. They use the stolen account to reply to an existing email chain so that the message does not look overly suspicious.
    In the reply, they distribute a .PDF file called CancellationLetter-[number]. If the victim opens the file, they see a prompt saying "This document contains protected files, to display them, click the open button."

    Banking trojan evolution

    Pressing the button, however, downloads a .ZIP file with a Windows Script (WSF) document. That file, as the researchers explain, is a mix of JavaScript and Visual Basic Script codes that download Qbot.
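
    A mail-gateway or triage check for the ZIP stage described above, as an added example that is not part of the original article: it lists script-type members of a ZIP attachment and reports whether a WSF declares more than one script language. The function names and the inert sample archive are constructed for illustration.

```python
import io
import os
import re
import zipfile

# Script extensions handled by Windows Script Host.
SCRIPT_EXTS = {".wsf", ".js", ".jse", ".vbs", ".vbe"}
# language="..." attribute of a <script> element inside a .wsf job.
SCRIPT_LANG = re.compile(rb'<script\b[^>]*\blanguage\s*=\s*["\']?([\w.]+)', re.I)
MAX_READ = 1 << 20  # cap bytes read per member so a zip bomb cannot exhaust memory


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per script-type member of a ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if info.is_dir() or ext not in SCRIPT_EXTS:
                continue
            finding = {"member": info.filename, "ext": ext,
                       "languages": [], "mixed": False}
            if ext == ".wsf" and not info.flag_bits & 0x1:  # skip encrypted members
                with zf.open(info) as fh:
                    body = fh.read(MAX_READ)
                langs = sorted({m.decode().lower() for m in SCRIPT_LANG.findall(body)})
                finding["languages"] = langs
                finding["mixed"] = len(langs) > 1  # e.g. JScript plus VBScript
            findings.append(finding)
    return findings


def build_sample() -> bytes:
    """Constructed, inert sample: a ZIP holding a WSF with two script languages."""
    wsf = (b'<job id="demo">\n'
           b'<script language="JScript">// inert placeholder</script>\n'
           b'<script language="VBScript">\' inert placeholder</script>\n'
           b'</job>\n')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("constructed-sample.wsf", wsf)
        zf.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

    The pattern matches ASCII/UTF-8 bytes only; a member stored in another encoding such as UTF-16 would need decoding before the language check.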

    Qbot itself used to be a banking trojan, but has since evolved into full-blown malware that provides access to compromised endpoints. Large cybercriminal syndicates use Qbot to deliver stage-two malware, most notably ransomware.

    To defend against this attack, as well as countless similar ones out there, the best way is to first use common sense - if you're not expecting an email, especially one with an attachment, be sceptical about its contents. The same goes for links in email bodies - always verify before opening any links.

    Furthermore, having proper cybersecurity solutions won't hurt - an email security solution, an antivirus, or a firewall will help in the battle against malware and ransomware. Also, having multi-factor authentication (MFA) set up on all accounts wherever possible is a great way to protect against data and identity theft.

    Finally, keeping the hardware and software up to date is crucial. By applying the latest patches and firmware updates, you're keeping your endpoints secure from known vulnerabilities that threat actors can abuse with malware.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-powerful-email-malware-attack-uses-pdf-and-wsf-files-to-break-your-defenses


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)