QBot Trojan Spreading Through Business Emails with PDF and WSF Combo
QBot malware is now being distributed through phishing emails that use PDF attachments to download Windows Script Files (WSF) and infect Windows devices. The heavily obfuscated WSF file executes a PowerShell script that attempts to download a DLL from a list of URLs. Once executed, the QBot malware injects itself into the legitimate Windows wermgr.exe program, where it runs quietly in the background. QBot provides initial access to corporate networks for other threat actors, leading to devastating attacks on corporate networks, including ransomware attacks.