This new malware is able to bypass all of Microsoft's security warnings

Skull and Bones
Image Credit: Pixabay (Image credit: Pixabay)

Researchers have recently discovered a zero-day vulnerability that allows threat actors to run malware on target Windows endpoints without the victim devices raising any kind of alarms.

The vulnerability, which is still reportedly yet to be patched, allows threat actors to bypass Mark of the Web, a Windows feature that labels files downloaded from untrusted internet locations. 

The malware being distributed is Qbot (AKA Quakbot), an old and well-known banking trojan, but one that still poses a major threat to victims.

Running ISO files

The distribution starts with a phishing email, which contains a link to a password-protected ZIP archive. That, in turn, carries a disk image file, either an .IMG or .ISO file which, if mounted, brings up a standalone JavaScript file with malformed signatures, a text file, and a folder with a .DLL file. The JavaScript file carries a VB script that reads the contents of the text file, which trigger the execution of the .DLL file. 

As Windows did not label ISO images with Mark of the Web flags properly, they were allowed to launch without any warnings. In fact, on devices running Windows 10 or newer, simply double-clicking on a disk image file automatically mounts the file as a new drive letter. 

This is not the first time hackers are abusing vulnerabilities surrounding the Mark of the Web feature. Recently, threat actors were observed deploying a similar method to distribute the Magniber ransomware, BleepingComputer says, reminding us of a recent HP report that discovered the campaign. 

In fact, the same malformed key was used in both this, and the Magniber campaign, the publication found.

Microsoft has apparently been well aware of the flaw since at least October 2022, but has yet to release a patch just yet, but given that it’s now been observed as being used in the wild, it’s safe to assume we’ll see a fix as part of the upcoming December Patch Tuesday update. 

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
A computer being guarded by cybersecurity.
Worrying Windows security issue patched by 7-Zip, so patch now
A computer being guarded by cybersecurity.
Huge cyberattack found hitting vulnerable Microsoft-signed legacy drivers to get past security
email
A Windows filetype update may have complicated cyber threat detection efforts
Representational image of a cybercriminal
Microsoft discovers five potentially damaging attacks against its own software
Latest in Security
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
ransomware avast
Billions of credentials were stolen from businesses around the world in 2024
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
ID theft
Hackers claim Orange attack, threaten to leak 1TB of data
A computer file surrounded by red laser beams
Free online file converters could infect your PC with malware, FBI warns
Latest in News
Student sat at a desk with a laptop in a dormitory looking at a mobile phone
Windows 11 could eventually help you understand how fast your PC is - as well as offer tips for making your PC or laptop faster for free
Veresa attacks an enemy in Genshin Impact.
Genshin Impact Version 5.5 arrives next week, adding a new five star character obsessed with food
Google Pixel 9a
Google just launched the Pixel 9a – and I reckon it embarrasses the iPhone 16e
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Adobe Firefly
Adobe launches game-changing GenAI tools for video editing
Amrit Kaur and Reneé Rapp in The Sex Lives of College Girls.
Max cancels The Sex Lives of College Girls but the hit HBO show might find a new streaming home elsewhere