• Windows Follina zero-day now being abused to infect PCs with Qbot

    From TechnologyDaily@1337:1/100 to All on Thu Jun 9 13:15:03 2022
    Windows Follina zero-day now being abused to infect PCs with Qbot malware

    Date:
    Thu, 09 Jun 2022 11:53:55 +0000

    Description:
    Qbot is also being used as a dropper to further distribute ransomware across Windows devices.

    FULL STORY ======================================================================

    Follina is turning out to be quite a threat for system admins everywhere, as new reports are coming in of the vulnerability being used to distribute infostealers, trojans, and ransomware.

    Cybersecurity researchers from Proofpoint found threat actors known as TA570 using the Follina flaw to infect endpoints with Qbot, while NCC Group found it being further abused by Black Basta, a known ransomware group.

    Qbot, also known as Qakbot, Quakbot, or Pinkslipbot, is a banking trojan and infostealer that's been in use for more than ten years now. Threat actors looking to distribute the infostealer usually go for a combination of phishing and vulnerability exploitation, tricking people into visiting malicious websites which, through various vulnerabilities, end up downloading the trojan onto the device.

    Black Basta emerges

    Qbot is capable of dealing plenty of damage: it logs keys, exfiltrates cookies, and hooks processes, but it also acts as a dropper for stage-two viruses, malware, or ransomware. This is exactly the hand that Black Basta is playing.

    A relatively new entrant into the ransomware space, Black Basta was observed by NCC Group using Qbot to move laterally through compromised networks and deploy its ransomware.

    The group first appeared in April this year, going straight for the American Dental Association, the publication notes. It uses double-extortion tactics (stealing and encrypting sensitive data) to force victims into paying the ransom.

    Follina, also tracked as CVE-2022-30190, is a flaw found in the Windows Support Diagnostic Tool. It can be abused to run code remotely by getting programs such as Office Word to bring up the tool when a specially crafted document is opened.

    Microsoft acknowledged the existence of the flaw and promised it was working on a fix. Until that happens, threat actors are actively using the flaw. Among the confirmed attacks is one against the international Tibetan community, conducted by a known Chinese state-sponsored threat actor called TA413.

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/windows-follina-zero-day-now-being-abused-to-infect-pcs-with-qbot-malware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)