QBot Uses DLL Hijacking, Abuses Control Panel Executable In a Fresh Attack Wave

21-Nov-22

The malware known as QBot (also known as Qakbot) is being spread by a fresh phishing campaign. The campaign abuses the Windows Control Panel executable to carry out DLL hijacking and infect targets.

Recent findings by ProxyLife reveal that threat actors are using stolen reply-chain emails to distribute a malicious HTML file attachment. The file displays an image made to look like Google Drive and automatically downloads a password-protected ZIP archive containing an ISO file.
