Fake Windows Defender Antivirus Theme Used to Spread QBot

6 years ago David Bisson

Digital attackers incorporated a fake Windows Defender Antivirus theme into a malicious document in order to distribute QBot malware.

According to Bleeping Computer, the QBot gang began using a new template for the malicious documents in their email attack campaigns on August 25, 2020.

The template adopted the disguise of a Windows Defender Antivirus alert in order to convince the recipient that the malicious document was actually a legitimate email attachment.

To add further legitimacy to their efforts, the actors replicated branding not only pertaining to Windows Defender but also to several other well-known security firms.

The Windows Defender Antivirus attachment used by the QBot gang. (Source: Bleeping Computer)

Bleeping Computer highlighted the efficacy of this type of disguise in its reporting:

To people who work in cybersecurity, are IT admins, or Windows enthusiasts, the above message appears silly and made up. To casual users, though, it is convincing enough that many would follow the instructions and become infected with Qbot.

Like many others before it, this malicious email attachment attempted to trick the recipient into thinking that they needed to enable the content of the document in order to view it.

If the user went ahead and clicked the “Enable Content” button, the document’s malicious macros executed and subsequently downloaded a sample of QBot onto the victim’s computer.

A botnet known for stealing information and providing remote access to digital attackers, QBot had a busy few months in the third quarter of 2020. The trojan earned a place on Check Point’s Global Threat Index in August 2020. The next month, the malware rose to 6th place on the list.

The growth of QBot, along with its use of antivirus alerts as a disguise, highlights the need for organizations to defend themselves against malware.

Organizations can protect themselves by investing in a solution that analyzes suspicious files in a quarantined environment and provides reports about relevant system changes. Learn how Tripwire File Analyzer can help strengthen your anti-malware defenses.

The post “Fake Windows Defender Antivirus Theme Used to Spread QBot” appeared first on TripWire.

Source: TripWire – David Bisson
