A recent phishing scam targets a zero-day vulnerability in Microsoft Corporation’s (NASDAQ: MSFT) Windows to install Qbot malware without displaying the usual security warnings.
On Saturday, a new phishing attack took advantage of a zero-day vulnerability in Windows to drop Qbot malware “without displaying a Mark of the Web security warning.”
This malware gets into the victim’s system via manipulated email attachments and allows the introduction of malicious code.
Normally, when a file is downloaded from an untrusted remote location, Windows puts a label on the file called the Mark of the Web (MotW). If a user then opens a MotW-labeled file, Windows issues a security warning asking whether the file is safe to access.
However, hackers are already distributing JS files with fake signatures by exploiting the Windows Mark of the Web zero-day vulnerability.

Why it’s important: Since October, Microsoft has been aware of the zero-day vulnerability. The report stated that because malware campaigns have targeted the weakness, the problem is likely to be fixed as part of the security update for December 2022.
To address an actively exploited zero-day vulnerability in the Windows MotW security system, Microsoft published a free unofficial patch in October. Another Bleeping Computer report states that the weakness allows attackers to stop the MotW tagging of files retrieved from a ZIP package.
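As an added example (not from the original article or from Microsoft), the following Python sketch shows the defensive check implied by the Mark of the Web description and the ZIP tagging gap above: Windows stores the mark in an NTFS alternate data stream named `Zone.Identifier`, and a script file that has no such stream, or an unreadable one, is the state an audit should flag. The extension list, function names and sample entries are assumptions constructed for illustration.

```python
import configparser
import os

# Extensions chosen for this example; the article itself only names JS files.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".wsf", ".hta"}
INTERNET_ZONE = 3  # ZoneId 3 = Internet, 4 = Restricted sites

def parse_zone_id(stream_text):
    """Return ZoneId from Zone.Identifier text, or None if absent or malformed."""
    if stream_text is None:
        return None
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
        return int(parser.get("ZoneTransfer", "ZoneId"))
    except (configparser.Error, ValueError):
        return None

def read_motw(path):
    """Read the stream from disk (Windows/NTFS only); None when there is no mark."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def lacks_internet_mark(name, stream_text):
    """True for a script file whose mark is missing, malformed or below Internet."""
    ext = os.path.splitext(name)[1].lower()
    zone = parse_zone_id(stream_text)
    return ext in SCRIPT_EXTS and (zone is None or zone < INTERNET_ZONE)

# Constructed sample data: (file name, Zone.Identifier contents or None).
SAMPLES = [
    ("invoice.js", "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/a.zip\r\n"),
    ("report.js", None),                               # no stream at all
    ("notes.txt", None),                               # not a script type
    ("tool.vbs", "[ZoneTransfer]\r\nZoneId=abc\r\n"),  # malformed value
]

def audit(samples):
    """Return the names of script files that carry no usable Internet-zone mark."""
    return [name for name, text in samples if lacks_internet_mark(name, text)]

if __name__ == "__main__":
    for flagged in audit(SAMPLES):
        print("script file without Internet-zone MotW:", flagged)
```

On a Windows host, `read_motw(path)` supplies the stream text for real files, so the same `lacks_internet_mark` check can run over a downloads or extraction folder.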