May 14, 2024 at 02:23PM Microsoft has addressed a zero-day vulnerability, CVE-2024-30051, which allowed for privilege escalation through a heap-based buffer overflow in the Desktop Window Manager (DWM) core library on vulnerable Windows systems, facilitating delivery of QakBot and other malware. Kaspersky and other security researchers confirmed the exploitation and reported it to Microsoft. QakBot … Read more
February 15, 2024 at 08:29AM New QBot malware variants have been detected in email campaigns since mid-December, indicating ongoing development and distribution. The malware, also known as Qakbot, deploys through fake Adobe product installers and has caused significant financial damages in the past. Security researchers are closely monitoring the evolving threat and updating detection rules. … Read more
January 12, 2024 at 12:11AM Pikabot malware, associated with the Water Curupira intrusion set, was used in phishing campaigns through 2023. Similar to Qakbot, it consists of a loader and core module enabling unauthorized access. The campaigns targeted victims via spam emails with malicious attachments, evolving to include a PDF file delivery method. Organizations are … Read more
December 19, 2023 at 06:22PM Qakbot malware has resurfaced, distributed through phishing emails targeting hospitality organizations. Microsoft, Zscaler, and Proofpoint reported sightings of a new 64-bit version using AES encryption. Despite a takedown in August, Qakbot’s operators continue distributing other malware. Lumu observed 1,581 attempted attacks in September, indicating the group’s resilience. The group’s continued … Read more
December 19, 2023 at 04:33AM Qakbot malware has resurged with a new phishing campaign targeting the hospitality sector. The gang uses malicious PDF attachments disguised as IRS documents to distribute the malware. Despite earlier efforts to take it down, Qakbot has reappeared, demonstrating the challenge of combating cybercrime. Similar to Emotet’s revival, Qakbot’s resurgence poses … Read more
December 18, 2023 at 05:52AM A new wave of QakBot malware phishing targeting the hospitality industry was discovered by Microsoft. The phishing campaign began on December 11, 2023, distributing a PDF with a URL leading to an MSI file. Cisco Talos had previously noted QakBot affiliates using phishing to distribute ransomware and other malware. The … Read more
December 17, 2023 at 04:44PM The QakBot malware, previously disrupted by law enforcement, has resurfaced in new phishing campaigns. Microsoft warns of email phishing attacks impersonating IRS employees, distributing QakBot via a malicious PDF file. The malware, initially a banking trojan, has evolved into a delivery service for ransomware attacks and data theft, using various … Read more
November 20, 2023 at 10:12AM Phishing campaigns using DarkGate and PikaBot malware are utilizing tactics previously seen with QakBot trojan attacks. The malware families have similarities in distribution methods and behaviors to QakBot. DarkGate has advanced evasion techniques and remote control capabilities, while PikaBot can deliver additional payloads. The attacks target various sectors, spreading through … Read more
October 12, 2023 at 04:44PM Microsoft announced that it is deprecating and eventually removing VBScript from future Windows releases. Although the programming language is nearly 30 years old, cybercriminals still use it to gain access to targets. Microsoft will make VBScript a feature on demand and users can turn it on if desired, but there … Read more