1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Qbot malware found smuggled inside Windows Installer packages

    From TechnologyDaily@1337:1/100 to All on Tue Apr 12 12:00:03 2022
    Qbot malware found smuggled inside Windows Installer packages

    Date:
    Tue, 12 Apr 2022 10:38:59 +0000

    Description:
    Qbot's operators are moving from macro-laden Office files to Installer packages.

    FULL STORY ======================================================================

    Qbot botnet operators are no longer distributing the malware via weaponized Microsoft Office documents. Instead, theyre opting for malicious MSI Windows Installer packages.

    Cybersecurity researchers see this as a direct reaction to Microsofts move to prevent malware being delivered via Office macros.

    Qbot, or Quakbot, is a Windows banking trojan thats been roaming in the wild for more than a decade. Threat actors usually use it to steal banking login information, as well as personal and other identity-related data. It can also be used as a dropper that distributes Cobalt Strike on compromised endpoints
    . Macros disabled since January

    Among the threat actors usually deploying Qbot are REvil, Egregor, and MegaCortex, all of which usually target companies, rather than individuals.

    In late January this year, Microsoft made a major move, in a bid to
    discourage criminals from using Office files to distribute malware - it disabled Excel 4.0 (XLM) macros by default.

    Back in July 2021, the company released a new Excel Trust Center setting option, allowing administrators to restrict the usage of Excel 4.0 (XLM) macros. It has since made this option default for everyone.

    Excel 4.0 (XLM) macros were the default format until 1993, and even though theyve since been discontinued, they can still be run by the latest versions of the Office program. That makes them ideal for threat actors, whove been abusing them to push malware such as TrickBot, Zloader, Qbot, Dridex, ransomware , and many other malicious programs. Read more

    Fujifilm taken down by serious ransomware attack


    This notorious malware has returned after months away


    Microsoft Excel is making a big change to protect against malware

    Administrators can use existing Microsoft 365 applications policy control to configure this setting. The Group Policy setting Macro Notification Settings for Excel can be found in the following path and registry key:

    Group Policy Path: User configuration > Administrative templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center.

    Registry Key Path: Computer\HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\excel\secur ity If you're worried about catching malware, you might want to consider one of the best antivirus solutions right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/qbot-malware-found-smuggled-inside-windows-inst aller-packages/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)