

A critical vulnerability has been discovered that allows you to bypass all Windows security warnings

Security researchers recently revealed a critical vulnerability that allows hackers to run malware on Windows computers without the target device triggering any alerts.

The bug, which has not been fixed, allows hackers to bypass Mark of the Web, a Windows feature that identifies files downloaded from untrusted websites.

The malware distributed through this vulnerability is Qbot, a Trojan horse that targets the banking sector. Although it is an old malware family, it still poses a significant threat to victims.

Security researchers said that distribution of this malware, also known as Qakbot, begins with a phishing email containing a link to a password-protected ZIP archive.

The ZIP archive contains an ISO or IMG disk image file which, when downloaded, reveals a standalone JavaScript file with a malformed signature, a script file, and a folder of DLL files. The JavaScript file loads a VB script that reads the contents of the script file and then runs the DLL file.

The program runs without warning because Microsoft Windows does not properly apply the Mark of the Web label to the ISO disk image file. On Windows 10 or Windows 11 devices, double-clicking a disk image file automatically mounts it as a new drive letter.
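A mail or download gateway can flag the delivery pattern described above before anything is mounted. The following is an added example, not code from the researchers or from Microsoft; the function names, extension sets and verdict labels are assumptions made for this illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension sets for this example: the disk image types named in the
# article, plus the script types it mentions.
DISK_IMAGE_EXT = {".iso", ".img"}
SCRIPT_EXT = {".js", ".vbs"}
ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: entry is encrypted


def triage_members(members):
    """Classify zipfile.ZipInfo entries without decrypting or extracting them.

    Standard ZIP encryption leaves member names readable in the central
    directory, so no password is needed to inspect them."""
    finding = {"encrypted": False, "disk_images": [], "scripts": []}
    for info in members:
        if info.is_dir():
            continue
        if info.flag_bits & ENCRYPTED_FLAG:
            finding["encrypted"] = True
        ext = PurePosixPath(info.filename).suffix.lower()
        if ext in DISK_IMAGE_EXT:
            finding["disk_images"].append(info.filename)
        elif ext in SCRIPT_EXT:
            finding["scripts"].append(info.filename)
    # Password-protected archive carrying a disk image: the pattern in the text.
    if finding["encrypted"] and finding["disk_images"]:
        finding["verdict"] = "quarantine"
    elif finding["disk_images"] or finding["scripts"]:
        finding["verdict"] = "review"
    else:
        finding["verdict"] = "pass"
    return finding


def triage_zip(data: bytes):
    """Triage a ZIP attachment given as raw bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return triage_members(zf.infolist())


def build_sample_zip(names):
    """Build a constructed, harmless, unencrypted ZIP for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()
```

Archives that encrypt their file listing as well as their contents cannot be inspected this way and need a separate policy.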

It should be noted that this is not the first time hackers have exploited vulnerabilities surrounding the Mark of the Web feature. BleepingComputer reported that hackers were recently observed using similar methods to distribute Magniber ransomware, and an HP report recently revealed this activity. Also note that the same spin key is used in this campaign and the Magniber campaign.

Microsoft is believed to have known about the vulnerability since October last year and has not yet released a fix. It is expected to release one in its Patch Tuesday update in December next year, as the company is aware that the vulnerability has already been exploited.



