Security researchers have recently discovered a critical vulnerability that allows hackers to run malware on Windows PCs without the targeted devices triggering any sort of alarm.
The vulnerability, which has not yet been patched, allows hackers to bypass “Mark of the Web”, a Windows feature that names files downloaded from untrusted Internet sites.
The malware distributed through the vulnerability is Qbot, which belongs to the Trojan category softwareit’s a software intended for the banking sector and although it is old and well known, it still poses a great threat to the victims.
Security researchers explain that the distribution of the malware, also known as “Quakbot”, begins with a phishing email containing a link to a password-protected ZIP archive.
Because Microsoft Windows has not marked the ISO disk image file with Mark of correctly the Web, allows the software to work without any warning. On Windows 10 or Windows 11 devices, double-clicking a disk image file will automatically mount the file as a new drive letter.
Interestingly, this isn’t the first time hackers have abused vulnerabilities surrounding the Mark function of On the web recently, hackers have been observed to have implemented a similar method to distribute Magniber ransomware, according to BleepingComputer, as well as a recent HP report uncovering the campaign. It was also noted that the same distorted key was used for both in this campaign than in the Magniber campaign.
Microsoft is believed to have known about the vulnerability since last October, but hasn’t released one patch for it, but as the company realizes that the vulnerability is indeed being exploited, it is expected to release a patch for it in the Patch Tuesday update for next December.
Read More About: Technology News