This new malware hijacks Windows WordPad to avoid detection By Mobile Malls May 29, 2023 0 226 views Hackers have begun abusing a flaw within the WordPad textual content editor that comes preloaded with the Home windows 10 working system to distribute the Qbot malware, researchers have claimed.A cybersecurity researcher and a member of Cryptolaemus, going by the alias ProxyLife found a brand new e mail marketing campaign by which hackers are distributing the WordPad program along with a malicious .DLL.When WordPad is launched, it’ll search for sure .DLL recordsdata it wants with a purpose to correctly run. First, it’ll search for the recordsdata in the identical folder it resides, and if it finds them – it’ll robotically run them, even when these .DLL recordsdata are malicious.DLL hijackingThe follow is normally referred to as “DLL sideloading” or “DLL hijacking” and it’s a identified methodology. Beforehand, hackers had been seen utilizing the Calculator app to do the identical factor.On this explicit occasion, when WordPad runs the DLL, the malicious file will use an executable referred to as Curl.exe (discovered within the System32 folder) to obtain a DLL pretending to be a PNG. That DLL is definitely Qbot, an historical banking trojan that may steal emails to make use of in additional phishing assaults, and provoke the obtain of extra malware, similar to Cobalt Strike, for instance. By utilizing official packages, similar to WordPad, or Calculator, to run the malicious DLL recordsdata, risk actors are hoping to bypass any antivirus packages and stay stealthy in the course of the assault. Nonetheless, as this methodology requires Curl.exe for use, it solely works on Home windows 10 and newer variations, as earlier variations didn’t have this program preinstalled. That doesn’t do a lot good as older variations are principally reaching finish of help anyway, and customers are shifting in direction of Home windows 10 and Home windows 11. Proper now, BleepingComputer stories, the QBot operation has moved on to different an infection strategies in current weeks.Here is our checklist of the very best endpoint safety software program roundThrough: BleepingComputerShare this:Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)MoreClick to print (Opens in new window)Click to email a link to a friend (Opens in new window)Click to share on Reddit (Opens in new window)Click to share on LinkedIn (Opens in new window)Click to share on Tumblr (Opens in new window)Click to share on Pinterest (Opens in new window)Click to share on Pocket (Opens in new window)Click to share on Telegram (Opens in new window)Click to share on WhatsApp (Opens in new window)
