Hackers Abuse Windows Mark Of The Web Zero-Day To Drop QBot Malware

Security researcher ProxyLife has discovered a new QBot phishing campaign where attackers abuse Windows Mark Of The Web zero-day by distributing JS files signed with malformed signatures.

The initial infection comes from the email containing a link to the ZIP archive and its password, inside of it is another zip file, followed by an IMG file.

The IMG file however contains a malicious .js file that is used to abuse the Mark Of The Web vulnerability.


Read More

Got Something To Say?

Your email address will not be published.