QBot Trojan Spreading Through Business Emails with PDF and WSF Combo

April 17, 2023 at 01:48 PM

•

1 min read

QBot Trojan Spreading Through Business Emails with PDF and WSF Combo — Photo: BleepingComputer

TL;DR Summary

QBot malware is now being distributed through phishing emails that use PDF attachments to download Windows Script Files (WSF) and infect Windows devices. The heavily obfuscated WSF file executes a PowerShell script that attempts to download a DLL from a list of URLs. Once executed, the QBot malware injects itself into the legitimate Windows wermgr.exe program, where it runs quietly in the background. QBot provides initial access to corporate networks for other threat actors, leading to devastating attacks on corporate networks, including ransomware attacks.

Topics:technology #cybersecurity #malware #phishing #qbot #ransomware #windows-script-files

Share this article

New QBot email attacks use PDF and WSF combo to install malware BleepingComputer
New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware The Hacker News
Qbot Banking Trojan Increasingly Delivered Via Business Emails Infosecurity Magazine
View Full Coverage on Google News

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

84%

520 → 84 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights