TechRadar
Sead Fadilpašić

This powerful email malware attack uses PDF and WSF files to break your defenses


Cybersecurity researchers have discovered a new hacking campaign that distributes the dreaded Qbot malware.

Qbot is used by some of the world’s biggest ransomware operators, including BlackBasta, REvil, and Egregor.

According to researchers ProxyLife and Cryptolaemus, cybercriminals are using hijacked email accounts to spread the malware. They use the stolen account to reply to an existing email thread so the message does not look overly suspicious. The reply carries a .PDF file named “CancellationLetter-[number]”. If the victim opens the file, they see a prompt reading: “This document contains protected files, to display them, click the ‘open’ button.”

Banking trojan evolution

Pressing the button, however, downloads a .ZIP archive containing a Windows Script File (WSF). That file, as the researchers explain, is a mix of JavaScript and VBScript code that downloads Qbot.
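A mail-gateway style check for the delivery chain described above, written as an added illustration rather than anything from the article or the researchers: it flags attachment names matching the lure pattern and inspects a ZIP for members whose last extension is a Windows script type (so a double-extension name such as Letter.pdf.wsf is still caught). The digits-only form of “[number]” and the sample ZIP contents are assumptions.

```python
import io
import re
import zipfile

# Extensions Windows Script Host or mshta will run on a double-click.
SCRIPT_EXTENSIONS = {".wsf", ".js", ".jse", ".vbs", ".vbe", ".hta"}

# Lure name from the article, "CancellationLetter-[number]"; treating
# "[number]" as digits only is an assumption.
LURE_PDF_NAME = re.compile(r"^CancellationLetter-\d+\.pdf$", re.IGNORECASE)


def is_lure_pdf_name(filename: str) -> bool:
    """True if an attachment name matches the campaign's PDF naming pattern."""
    return LURE_PDF_NAME.match(filename.strip()) is not None


def script_members(zip_bytes: bytes) -> list[str]:
    """Return ZIP member names whose last extension is a script type.

    Only the final extension is checked, which catches double-extension
    names like 'Letter.pdf.wsf'; directory entries are skipped.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1]
            ext = ("." + base.rsplit(".", 1)[-1].lower()) if "." in base else ""
            if ext in SCRIPT_EXTENSIONS:
                flagged.append(info.filename)
    return flagged


def build_sample_zip() -> bytes:
    """Constructed stand-in for the downloaded archive (harmless placeholder WSF)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/Letter.pdf.wsf",
                    "<job><script language='JScript'>// placeholder</script></job>")
        zf.writestr("docs/readme.txt", "plain text, not a script")
    return buf.getvalue()


if __name__ == "__main__":
    print(is_lure_pdf_name("CancellationLetter-48213.pdf"))  # True
    print(script_members(build_sample_zip()))               # ['docs/Letter.pdf.wsf']
```

In a real gateway the same check would run on nested archives too, since a ZIP inside a ZIP is a common way to push a script past a single-level scan.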

Qbot itself started out as a banking trojan, but has since evolved into full-blown malware that provides access to compromised endpoints. Large cybercriminal syndicates use Qbot to deliver second-stage malware, most notably ransomware.

To defend against this attack, and the countless similar ones out there, the first line of defense is common sense: if you’re not expecting an email, especially one with an attachment, be sceptical about its contents. The same goes for links in email bodies; always verify them before opening.

Furthermore, proper cybersecurity solutions won’t hurt: an email security solution, an antivirus, or a firewall will all help in the battle against malware and ransomware. Setting up multi-factor authentication (MFA) on all accounts wherever possible is also a great way to protect against data and identity theft.

Finally, keeping hardware and software up to date is crucial. By applying the latest patches and firmware updates, you keep your endpoints protected from the known vulnerabilities that threat actors abuse with malware.

Via: BleepingComputer
