Security researcher ProxyLife has discovered a new QBot phishing campaign in which attackers abuse a Windows Mark of the Web (MOTW) zero-day by distributing JS files signed with malformed signatures.
The initial infection comes from an email containing a link to a ZIP archive and its password. Inside that archive is another ZIP file, followed by an IMG file.
The IMG file, however, contains a malicious .js file that is used to abuse the Mark of the Web vulnerability.
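
The container nesting described above (ZIP, inner ZIP, IMG) can be flagged at a mail or web gateway before anything is mounted. This is an added example, not code from the article or from ProxyLife; the function names, the extra image extensions, the size cap and the in-memory sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

DISK_IMAGES = (".img", ".iso", ".vhd")  # .img is from the article; the rest are assumptions
MAX_MEMBER = 50 * 1024 * 1024           # assumed size cap so a zip bomb is not expanded

def triage_zip(data, password=None, path="", depth=0, max_depth=4):
    """List (finding, member_path) pairs for a ZIP given as bytes, recursing into nested ZIPs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = f"{path}/{info.filename}" if path else info.filename
            lower = info.filename.lower()
            if info.flag_bits & 0x1:                      # general-purpose bit 0: encrypted
                findings.append(("encrypted-entry", name))
            if lower.endswith(DISK_IMAGES):
                findings.append(("disk-image-in-archive", name))
            if not lower.endswith(".zip"):
                continue
            findings.append(("nested-archive", name))
            if depth >= max_depth or info.file_size > MAX_MEMBER:
                continue
            try:
                inner = zf.read(info, pwd=password)       # password must be bytes
                findings += triage_zip(inner, password, name, depth + 1, max_depth)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                findings.append(("unreadable-nested-archive", name))
    return findings

def matches_chain(findings):
    """True when a disk image sits inside a ZIP that is itself inside a ZIP."""
    return any(kind == "disk-image-in-archive" and ".zip/" in name.lower()
               for kind, name in findings)

def _zip_bytes(members):
    """Build an in-memory ZIP from {name: bytes} (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

def sample_suspicious():
    inner = _zip_bytes({"invoice.img": b"constructed placeholder, not a real image"})
    return _zip_bytes({"inner.zip": inner})

def sample_benign():
    return _zip_bytes({"report.txt": b"constructed benign file"})

if __name__ == "__main__":
    print(triage_zip(sample_suspicious()))
```

The .js file inside the IMG is not inspected here, because reading the image requires a disk-image parser. A nested archive that cannot be opened with the supplied password is reported as unreadable rather than skipped.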