May 28, 2023

  • Bitcoin(BTC)$24,383.00-1.66%
  • Ethereum(ETH)$1,657.83-2.53%
  • Tether(USDT)$1.000.18%
  • BNB(BNB)$310.23-1.26%
  • USD Coin(USDC)$1.000.10%
  • XRP(XRP)$0.39-0.81%
  • Binance USD(BUSD)$1.000.05%
  • Cardano(ADA)$0.39-2.73%
  • Dogecoin(DOGE)$0.09-2.67%
  • Polygon(MATIC)$1.38-6.66%

NCC-CSIRT Warns of New Windows Phishing Attack

0

CEM REPORT, ICT | Windows users have been warned against a newly discovered Phishing attack that can load malicious QBot malware on the compromised device without triggering any Windows security alerts.

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) warns that the vulnerability is present in all versions of Windows-based products.

In its advisory, NCC-CSIRT reports that ProxyLife security researcher discovered the new phishing exploit on Windows zero-day vulnerability to drop a Qbot malware without displaying Mark of the Web (MoTW) security warnings.

“To take advantage of the Windows Mark of the Web zero-day vulnerability, threat actors have switched to a new phishing strategy that involves propagating JS files (plain text files that include JavaScript code) signed with forged signatures.

“The newest phishing attempt begins with an email that contains a password for the file along with a link to an allegedly important document.

“When the link is clicked, a password-protected ZIP folder that includes another zip file and an IMG file is downloaded.

“Normally, launching the JS file in Windows would result in a Mark of the Web security warning because it is an Internet-based file. However, the forged signature permits the JS script to function and load the malicious QBot program without triggering any Windows security alerts,” the advisory said.

Accordingly, NCC-CSIRT advised that users apply updates per vendor instructions.

 

Share this

Leave a Comment

glo advert