Qbot, a former banking trojan that now provides initial access to corporate networks, is being spread through phishing campaigns that infect Windows devices. Security researchers noted that Qbot is distributed via reply-chain phishing emails with PDF attachments that download Windows Script Files (WSF) to install Qbot. The PDF files contain a message stating "this document contains protected files, to display them, click on the 'open' button," but when the button is clicked, a zip file containing the WSF file is downloaded instead. The WSF file is heavily obfuscated, and its ultimate goal is to execute a PowerShell script on the computer.

Qbot infections can lead to devastating attacks on corporate networks; ransomware affiliates that have used Qbot for initial access include BlackBasta, REvil, PwndLocker, Egregor, ProLock, and MegaCortex. Qbot can steal sensitive data 30 minutes after the initial infection and spread to adjacent workstations within an hour, so if a device becomes infected with Qbot it is vital to evaluate the network for unusual behavior.
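
The chain described above ends with a downloaded WSF file launching PowerShell, which is visible in process-creation telemetry. The following is an added example, not code from the original article or from Bleeping Computer: it flags PowerShell started by a Windows script host that was given a `.wsf` file. It assumes PowerShell runs as a direct child of the script host; the event field names, host names and sample events are constructed for illustration.

```python
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host binaries that run .wsf
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# A .wsf path on the command line, quoted (may contain spaces) or unquoted.
WSF_ARG = re.compile(r'"([^"]+\.wsf)"|(\S+\.wsf)(?!\w)', re.IGNORECASE)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_wsf_to_powershell(events):
    """Flag PowerShell processes whose parent is a script host that was given a .wsf file."""
    # Keyed on (host, pid); a production version must also handle PID reuse over time.
    by_pid = {(e["host"], e["pid"]): e for e in events}
    findings = []
    for e in events:
        if basename(e["image"]) not in POWERSHELL:
            continue
        parent = by_pid.get((e["host"], e["ppid"]))
        if parent is None or basename(parent["image"]) not in SCRIPT_HOSTS:
            continue
        m = WSF_ARG.search(parent["command_line"])
        if m:
            findings.append({"host": e["host"], "time": e["time"],
                             "wsf": m.group(1) or m.group(2),
                             "powershell_cmd": e["command_line"]})
    return findings

def ev(host, time, pid, ppid, image, command_line):
    return {"host": host, "time": time, "pid": pid, "ppid": ppid,
            "image": image, "command_line": command_line}

SYS32 = "C:\\Windows\\System32\\"
PS = SYS32 + "WindowsPowerShell\\v1.0\\powershell.exe"
# Constructed sample events (hypothetical field names, not real telemetry).
SAMPLE_EVENTS = [
    # WS-014: script host runs a .wsf from Downloads, then starts PowerShell -> flagged
    ev("WS-014", "T+00:00", 4120, 2000, SYS32 + "wscript.exe",
       r'"C:\Windows\System32\wscript.exe" "C:\Users\jdoe\Downloads\Doc\invoice.wsf"'),
    ev("WS-014", "T+00:03", 4388, 4120, PS, "powershell.exe -NoProfile <constructed-args>"),
    # WS-022: script host runs a .vbs and starts PowerShell -> outside this rule's scope
    ev("WS-022", "T+01:00", 900, 700, SYS32 + "wscript.exe", r"wscript.exe C:\Scripts\logon.vbs"),
    ev("WS-022", "T+01:01", 950, 900, PS, "powershell.exe -File C:\\Scripts\\map.ps1"),
    # WS-031: PowerShell started interactively from Explorer -> not flagged
    ev("WS-031", "T+02:00", 3000, 1200, PS, "powershell.exe"),
    # WS-040: .wsf executed but no PowerShell child observed -> not flagged
    ev("WS-040", "T+03:00", 5100, 1300, SYS32 + "cscript.exe", r"cscript.exe C:\Tools\inventory.wsf"),
]

if __name__ == "__main__":
    for f in find_wsf_to_powershell(SAMPLE_EVENTS):
        print(f"{f['time']} {f['host']}: {f['wsf']} -> {f['powershell_cmd']}")
```

A hit on a workstation is a starting point for the network evaluation mentioned above, not proof of Qbot by itself.
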
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net).
Source: Bleeping Computer