QBot malware abuses Windows WordPad EXE to infect devices


The QBot malware operation has started abusing a DLL hijacking vulnerability in the Windows 10 WordPad program to infect machines while avoiding detection by security products.

A DLL is a library file containing routines that many programs can use at the same time. When an application is launched, it attempts to load any DLLs it needs. It does this by searching specific Windows folders for the DLL and loading it once found. However, Windows programs load DLLs located in the same folder as the executable first, so those take precedence over all other copies.
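The precedence described above can be checked for defensively. The following is an added example, not code from the article: it models a simplified search order (the executable's folder, then the Windows folders) over a constructed file inventory and flags executables outside the Windows folders that sit beside a DLL whose name also exists in a Windows folder. The names `signedapp.exe`, `example.dll` and all paths are placeholders.

```python
from pathlib import PureWindowsPath

# Simplified model of the order described above: the executable's own
# folder is searched first, then the Windows folders (assumed list).
SYSTEM_DIRS = [PureWindowsPath(r"C:\Windows\System32"),
               PureWindowsPath(r"C:\Windows")]

# Constructed inventory for illustration; every name is a placeholder.
SAMPLE_FILES = [
    r"C:\Windows\System32\signedapp.exe",
    r"C:\Windows\System32\example.dll",
    r"C:\Windows\System32\other.dll",
    r"C:\Users\alice\Downloads\invoice\signedapp.exe",
    r"C:\Users\alice\Downloads\invoice\EXAMPLE.DLL",
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Program Files\Vendor\vendorlib.dll",
]

def resolve_dll(exe, dll_name, files):
    """Return the path that would be loaded for dll_name, or None."""
    # PureWindowsPath compares case-insensitively, as Windows does.
    present = {PureWindowsPath(f) for f in files}
    for folder in [PureWindowsPath(exe).parent, *SYSTEM_DIRS]:
        candidate = folder / dll_name
        if candidate in present:
            return candidate
    return None

def find_shadowing(files):
    """List (exe, dll) pairs where a DLL next to an executable outside the
    Windows folders has the same name as a DLL inside a Windows folder."""
    paths = [PureWindowsPath(f) for f in files]
    system_dlls = {p.name.lower() for p in paths
                   if p.parent in SYSTEM_DIRS and p.suffix.lower() == ".dll"}
    findings = []
    for exe in paths:
        if exe.suffix.lower() != ".exe" or exe.parent in SYSTEM_DIRS:
            continue
        for dll in paths:
            if (dll.parent == exe.parent and dll.suffix.lower() == ".dll"
                    and dll.name.lower() in system_dlls):
                findings.append((str(exe), str(dll)))
    return findings

if __name__ == "__main__":
    for exe, dll in find_shadowing(SAMPLE_FILES):
        print(f"{exe} would load {dll} ahead of the Windows copy")
```

The vendor application is not flagged because its DLL name does not collide with one in the Windows folders, which keeps ordinary bundled libraries out of the results.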

