The Qbot malware spoofs Windows Defender Antivirus notifications to trick users


Qbot, also known as QakBot or QuakBot, is Windows malware that steals bank account information, Windows domain credentials ... In addition, it can give other attackers remote control of the victim's computer so that they can install ransomware.

Victims are usually infected with Qbot through phishing emails containing malicious links or dangerous attachments. The people behind Qbot often send emails disguised as invoices, bank payment information, important documents ...

Usually, Qbot uses spam emails to distribute Excel files (.xls). When users open these files, they are told to press the "Enable Content" button to view the file's content. In fact, this button activates the malicious macro that installs Qbot on the victim's computer.


Recently, Qbot's operators have taken their lures to a new level. They send victims fake documents that appear to come from trusted organizations or from the victim's own operating system.

One of these samples was a fake warning from Windows Defender Antivirus claiming that the document was encrypted. It tells users to click "Enable Editing" or "Enable Content" to decrypt it with the "Microsoft Office Decryption Core".

And of course, when users click the buttons above, the Qbot and Emotet malware is installed on their computer.

For people who work in the cybersecurity industry, IT administrators, or anyone knowledgeable about IT, this warning may seem silly. But for ordinary users, it is enough to convince them to follow the instructions and get infected with Qbot.
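Because the lure depends on a macro inside a legacy .xls attachment, a mail filter or triage script can inspect the file before a user ever sees the "Enable Content" prompt. The following is an added example, not code from the article or from any vendor: it walks the OLE2 directory of a file and reports whether it contains a VBA project storage. The function names and the sample file are constructed for illustration, and the check assumes the standard OLE2 layout; it does not detect Excel 4.0 macro sheets, which live inside the Workbook stream.

```python
import struct

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
ENDOFCHAIN, FREESECT = 0xFFFFFFFE, 0xFFFFFFFF
VBA_STORAGES = {"_VBA_PROJECT_CUR", "Macros"}  # VBA project storage in .xls / .doc

def ole_entries(data):
    """Return [(name, type)] from an OLE2 directory, or None if not an OLE2 file."""
    if len(data) < 512 or data[:8] != OLE_MAGIC:
        return None
    size = 1 << struct.unpack_from("<H", data, 0x1E)[0]       # sector size
    sector = lambda n: data[(n + 1) * size:(n + 2) * size]    # sector n follows the header
    fat = []
    for s in struct.unpack_from("<109I", data, 0x4C):         # header DIFAT lists FAT sectors
        if s > 0xFFFFFFFA:                                    # unused slot: end of the list
            break
        raw = sector(s)                                       # truncated files give short sectors
        fat += struct.unpack(f"<{len(raw) // 4}I", raw[:len(raw) // 4 * 4])
    entries, seen = [], set()
    sec = struct.unpack_from("<I", data, 0x30)[0]             # first directory sector
    while sec < len(fat) and sec not in seen:                 # follow the chain, stop on loops
        seen.add(sec)
        block = sector(sec)
        for off in range(0, len(block) - 127, 128):           # 128-byte directory entries
            nlen, otype = struct.unpack_from("<HB", block, off + 0x40)
            if otype in (1, 2, 5) and 2 <= nlen <= 64:        # storage, stream, root
                entries.append((block[off:off + nlen - 2].decode("utf-16-le", "replace"), otype))
        sec = fat[sec]
    return entries

def has_vba_project(data):
    """True if the file has a storage (type 1) with a known VBA project name."""
    entries = ole_entries(data)
    return bool(entries) and any(t == 1 and n in VBA_STORAGES for n, t in entries)

def build_sample(names):
    """Constructed minimal OLE2 file: sector 0 is the FAT, sector 1 the directory."""
    hdr = bytearray(OLE_MAGIC.ljust(512, b"\0"))
    struct.pack_into("<5H", hdr, 0x18, 0x3E, 3, 0xFFFE, 9, 6)   # versions, BOM, sector shifts
    struct.pack_into("<2I", hdr, 0x2C, 1, 1)                    # 1 FAT sector; directory at sector 1
    struct.pack_into("<109I", hdr, 0x4C, 0, *[FREESECT] * 108)  # DIFAT: the FAT is sector 0
    fat = struct.pack("<128I", 0xFFFFFFFD, ENDOFCHAIN, *[FREESECT] * 126)
    directory = b"".join((n + "\0").encode("utf-16-le").ljust(64, b"\0")
                         + struct.pack("<HB61x", 2 * len(n) + 2, t) for n, t in names)
    return bytes(hdr) + fat + directory.ljust(512, b"\0")

if __name__ == "__main__":
    lure = build_sample([("Root Entry", 5), ("Workbook", 2), ("_VBA_PROJECT_CUR", 1)])
    print(has_vba_project(lure))
```

Only the FAT sectors listed in the header are read, so very large files that need extra DIFAT sectors may be reported as having no VBA project.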




Electronic Journal of Finance