QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature
Security Boulevard securityboulevard.com
Executive Summary
This paper investigates a recent QakBot phishing campaign's ability to evade Mark-of-the-Web (MoTW) security features, allowing it to escape the designated security zone and successfully install malicious software on the victim's device. Key observations:
EclecticIQ analysts investigated QakBot phishing campaigns switching to a zero-day vulnerability to evade Windows Mark of the Web (MoTW). QakBot may be able to increase its infection success rate as a result of the switch to a zero-day exploit.
The threat actor distributes QakBot …