QBot phishing abuses Windows Control Panel EXE to infect devices


In an effort to avoid being discovered by security software, phishing emails that disseminate the QBot malware use a DLL hijacking vulnerability in the Windows 10 Control Panel to infect machines. Dynamic Link Libraries (DLLs) are loaded differently on Windows, which makes DLL hijacking a popular attack technique.

Any DLL dependencies in the Windows search path are looked for when a Windows executable is launched. Nevertheless, if a threat actor makes a malicious DLL with the same name as a DLL that is necessary for the software and places it in the same folder as the executable.

Read More…