Threat Actors Exploit Qbot Malware: Evolving Tactics for Stealthy Attacks


Qbot operators using .DLL malware to exploit Windows systems

In the ever-evolving landscape of cyber threats, hostile actors continue to use sophisticated methods to enter computer systems and exploit sensitive data. One such example is the Qbot operators, who use a malicious .DLL file to hijack Windows WordPad.
This strategy allows them to evade detection while carrying out their malicious activities. In this blog post, we will delve into the workings of Qbot operators and explore how they exploit WordPad as a covert tool.

Threat actors exploit vulnerability in Windows 10 WordPad

According to researchers, hackers have started exploiting a vulnerability in the Windows 10 preloaded WordPad text editor to distribute the Qbot malware. ProxyLife, a member of Cryptolaemus and a cybersecurity researcher, recently uncovered an email campaign where hackers are distributing the WordPad program along with a malicious .DLL file.
After WordPad is launched, the application searches for specific .DLL files it requires to function properly. It looks for these files in its own folder first. If the necessary .DLL files are found there, WordPad automatically executes them, even if they are malicious.
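The load behaviour described above leaves a recognizable trace: a copy of WordPad running from an unusual folder and loading a .DLL from that same folder. The following detection sketch is an added example, not code from the article or the researchers; the event field names, the sample events and the DLL name are constructed, and the expected WordPad directories assume a default Windows 10 install.

```python
import ntpath  # Windows path handling that also works on non-Windows analysis hosts

# Assumption: default install locations of WordPad on Windows 10.
EXPECTED_DIRS = {
    "wordpad.exe": {
        r"c:\program files\windows nt\accessories",
        r"c:\program files (x86)\windows nt\accessories",
    },
}

def norm(path):
    """Normalize a Windows path for case-insensitive comparison."""
    return ntpath.normpath(path).lower()

def find_sideloads(events):
    """Return image-load events where a tracked Windows binary runs outside
    its expected directory and loads a DLL from its own folder."""
    hits = []
    for ev in events:
        exe_dir, exe_name = ntpath.split(norm(ev["image"]))
        expected = EXPECTED_DIRS.get(exe_name)
        if expected is None:
            continue  # not a binary this check tracks
        loaded = norm(ev["image_loaded"])
        relocated = exe_dir not in expected
        local_dll = loaded.endswith(".dll") and ntpath.dirname(loaded) == exe_dir
        if relocated and local_dll:
            hits.append(ev)
    return hits

# Constructed sample events (hypothetical field names, not taken from the article).
SAMPLE_EVENTS = [
    # Legitimate WordPad loading a system DLL: ignored.
    {"image": r"C:\Program Files\Windows NT\Accessories\wordpad.exe",
     "image_loaded": r"C:\Windows\System32\kernel32.dll"},
    # Copied WordPad loading a DLL that sits next to it: flagged.
    {"image": r"C:\Users\alice\Downloads\invoice\WordPad.exe",
     "image_loaded": r"C:\Users\alice\Downloads\invoice\placeholder.dll"},
    # Same copied WordPad loading a system DLL: relocated, but not a local load.
    {"image": r"C:\Users\alice\Downloads\invoice\WordPad.exe",
     "image_loaded": r"C:\Windows\System32\kernel32.dll"},
    # Untracked program with a local plugin: ignored.
    {"image": r"C:\Tools\editor.exe",
     "image_loaded": r"C:\Tools\plugin.dll"},
]

if __name__ == "__main__":
    for ev in find_sideloads(SAMPLE_EVENTS):
        print("possible DLL side-load:", ev["image"], "->", ev["image_loaded"])
```
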

What

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
