The Qbot botnet is using a new template that poses as a Windows Defender Antivirus alert to trick you into allowing Excel macros that spread its malware.

Qbot, also known as QakBot or QuakBot, is Windows malware that steals bank credentials and Windows domain credentials and provides remote access to threat actors who install ransomware.

Victims typically become infected with Qbot through another malware infection or through phishing campaigns that use various lures, including fake invoices, payment and banking details, or scanned documents.

Example Qbot spam email Source: Brad Duncan

These spam emails carry malicious Excel (.xls) attachments. When opened, the attachment prompts the user to ‘Allow Content’ so that malicious macros can run and install the Qbot malware on the victim's computer.

Threat actors use stylized document templates that appear to come from a trustworthy company or from your operating system to trick the user into clicking the ‘Enable Content’ button and thereby activating the macros.
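The delivery vector described above is a legacy .xls attachment whose embedded VBA project only runs once the user enables content. A mail gateway or triage script can flag such attachments before a user ever sees the fake prompt. The following is an added example, not code from the original article or from any vendor: it checks raw attachment bytes for the OLE2 container header and for the UTF-16LE storage names that only exist when a VBA project is embedded. The sample attachments are constructed stand-ins, not real Qbot files.

```python
# OLE2 / Compound File Binary header that every legacy .xls and .doc starts with.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"

# Storage names present only when a VBA project is embedded. OLE stores
# directory-entry names as UTF-16LE, so the markers are encoded the same way.
VBA_MARKERS = [n.encode("utf-16-le") for n in ("_VBA_PROJECT_CUR", "_VBA_PROJECT")]
LEGACY_OFFICE_EXTENSIONS = (".xls", ".doc")


def scan_attachment(filename: str, data: bytes) -> dict:
    """Return a 'block' / 'review' / 'allow' verdict for one attachment.

    Scope: legacy OLE files only. .xlsm/.docm are zip containers and Excel 4.0
    (XLM) macro sheets do not use the VBA storage, so neither is detected here.
    """
    legacy_office = filename.lower().endswith(LEGACY_OFFICE_EXTENSIONS)
    is_ole = data.startswith(OLE_MAGIC)
    has_vba = is_ole and any(marker in data for marker in VBA_MARKERS)

    reasons = []
    if has_vba:
        reasons.append("embedded VBA project storage found")
    if legacy_office and not is_ole:
        reasons.append("Office extension but no OLE container header")
    if is_ole and not legacy_office:
        reasons.append("OLE container behind a non-Office extension")
    verdict = "block" if has_vba else ("review" if reasons else "allow")
    return {"filename": filename, "ole": is_ole, "vba": has_vba,
            "verdict": verdict, "reasons": reasons}


def build_sample_ole(with_vba: bool) -> bytes:
    """Constructed stand-in for an OLE file: real header magic, zero padding and
    UTF-16LE directory-entry names laid out the way a real file carries them."""
    body = OLE_MAGIC + b"\x00" * 24 + "Workbook".encode("utf-16-le")
    if with_vba:
        body += "_VBA_PROJECT_CUR".encode("utf-16-le")
    return body


if __name__ == "__main__":
    # Constructed inbox: a macro-laden lure, a clean sheet and a mislabelled file.
    for name, blob in (("invoice_1189.xls", build_sample_ole(True)),
                       ("q3_report.xls", build_sample_ole(False)),
                       ("scan_0042.xls", b"<html>not a spreadsheet</html>")):
        print(scan_attachment(name, blob))
```

For production triage, hand anything that scores 'block' or 'review' to a full OLE parser such as oletools' olevba, which also covers XLM macro sheets and the OOXML macro formats this heuristic skips.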

New ‘Windows Defender Antivirus’ Qbot attachment

If the allow content button is clicked, malicious macros run that download and install the Emotet malware on the victim's device.

To people who work in cybersecurity, IT administrators or Windows enthusiasts, the above message looks silly and obviously fake. It is, however, convincing enough that many casual users would follow the instructions and become infected with Qbot.

Why it’s imperative to recognize Qbot phishing attachments

Qbot has seen increased distribution over the past few months, especially after being delivered by spam spewed out by the Emotet botnet.

Once a device is compromised, Qbot carries out various malicious operations that give threat actors access to your bank accounts and your network.

Once they gain access to a network, the threat actors deploy ransomware such as ProLock on the device.

Because of this, it is important to remember the malicious document templates used by Qbot so that you are not inadvertently infected.