Hackers Abuse Windows Mark Of The Web Zero-Day To Drop QBot Malware

Security researcher ProxyLife has discovered a new QBot phishing campaign where attackers abuse Windows Mark Of The Web zero-day by distributing JS files signed with malformed signatures. The initial infection comes from the email containing a link to the ZIP archive and its password, inside of it is another zip file, followed by an IMG file. The IMG file however contains a malicious .js file that is used to abuse the Mark Of The Web vulnerability. Read more...