https://www.ghacks.net/2023/05/29/qbot-malware-dll-hijacking/
The QBot malware has recently been observed using a sophisticated technique to infect computers by taking advantage of a DLL hijacking vulnerability in the widely used Windows 10 WordPad program. By leveraging this flaw, the malware can evade detection by security software, making it a significant concern for users and organizations alike…
QBot, initially recognized as a banking trojan but later evolving into a versatile malware dropper, has established partnerships with ransomware groups like Black Basta, Egregor, and Prolock. Together, they target corporate networks for extortion attacks…
When a user clicks on a download link contained in the phishing emails, a ZIP archive is fetched from a remote host. Inside the archive, two critical components are present: document.exe (disguised as the Windows 10 WordPad executable) and a DLL file named edputil.dll, which enables DLL hijacking…
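As an added example (not code from the article), the following defender-side check flags a downloaded ZIP in which an executable ships in the same folder as a DLL named like one that normally loads from System32, which is the layout described above. The function name `find_sideload_pairs`, the one-entry watchlist, and the stub archives are assumptions made for illustration; only `document.exe` and `edputil.dll` come from the article.

```python
import io
import posixpath
import zipfile
from collections import defaultdict

# Names of DLLs that normally load from System32. Only edputil.dll is from the
# article; extend the set for your own environment (assumption).
WATCHLIST = {"edputil.dll"}

def find_sideload_pairs(zip_bytes, watchlist=WATCHLIST):
    """Return sorted (folder, exe, dll) tuples where a watched DLL sits beside an EXE."""
    exes, dlls = defaultdict(list), defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise Windows-style separators that some archivers emit.
            folder, name = posixpath.split(info.filename.replace("\\", "/"))
            with zf.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"  # trust the header, not the extension
            if not is_pe:
                continue
            if name.lower() in watchlist:
                dlls[folder.lower()].append(name)
            elif not name.lower().endswith(".dll"):
                exes[folder.lower()].append(name)
    # A hit needs both halves in the same folder: a host EXE and a watched DLL.
    return sorted((folder, exe, dll)
                  for folder, names in dlls.items()
                  for exe in exes.get(folder, [])
                  for dll in names)

def _make_zip(members):
    """Build an in-memory ZIP from {path: bytes} (helper for the samples below)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: stub bytes that start with the PE "MZ" magic, not real binaries.
SUSPICIOUS = _make_zip({"document.exe": b"MZ\x90\x00stub", "EDPUTIL.DLL": b"MZ\x90\x00stub"})
BENIGN = _make_zip({"readme.txt": b"hello", "tool/app.exe": b"MZ\x90\x00stub",
                    "edputil.dll": b"not a PE"})

if __name__ == "__main__":
    print(find_sideload_pairs(SUSPICIOUS))  # one (folder, exe, dll) hit
    print(find_sideload_pairs(BENIGN))      # no hits
```

A hit is a triage signal rather than a verdict, since some legitimate software bundles its own DLLs beside its executable.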