Gmail, Hotmail, Outlook and other email users need to be wary of a dangerous message that can infect their Windows PC with just one click. Security experts warn that hackers are taking advantage of a vulnerability that has not yet been patched by Microsoft to distribute the dangerous Qbot banking trojan. The malware was found in infected Word documents distributed via email, and a single click on the file is enough to infect the victim’s computer.
Apart from stealing sensitive personal and financial data, this dangerous malware can also steal credentials for Windows and banking services.
The Qbot malware also allows malicious actors to deploy a backdoor on infected Windows machines and give remote access to ransomware gangs.
This massive threat was highlighted by researchers at Proofpoint, whose Threat Insight Twitter account posted about the CVE-2022-30190 vulnerability.
The account tweeted: “Proofpoint saw #TA570 exploit CVE-2022-30190 to deliver #Qbot malware. The actor uses hijacked thread messages with HTML attachments which, if opened, drops a zip archive.
“The archive contains an IMG with a Word document, a shortcut file and a DLL. The LNK will run the DLL to start Qbot. The document will load and run an HTML file containing PowerShell abusing CVE-2022-30190 used to download and run Qbot.”
To trick people into opening the attachment, scammers send fake invoices, payment and banking information, or scanned documents that lure them into downloading dangerous files.
Proofpoint highlighted an email spreading this scam that allegedly informed government agency staff in the United States and Europe that they had received a pay raise.
To stay safe from this threat, follow the usual best practices for avoiding phishing scams.
This includes not opening unsolicited emails from addresses you do not recognize, and especially not clicking on any links or attachments in those messages.
You can usually spot a scam a mile away by taking a closer look at a sender’s email address.
If it’s not linked to an official domain of the organization it claims to be from, or if it’s being sent from a Gmail, Hotmail, or other dubious account, alarm bells should ring.
If you are still unsure after checking these items, you can simply contact the organization the message claims to come from.
Although this takes a bit of time, it costs far less time and stress than being lured into a scam.
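
For mail administrators, the sender check described above and the HTML-attachment delivery Proofpoint reported can be turned into an automated triage step. The following Python is an added example, not code from Proofpoint or from this article; the `FREEMAIL` list, the `expected_domain` parameter, the `agency.example` domain and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: a short illustrative list of free webmail domains.
FREEMAIL = {"gmail.com", "hotmail.com", "outlook.com"}


def triage(raw_message, expected_domain):
    """Return the reasons a message deserves a closer look (empty if none)."""
    msg = message_from_string(raw_message)
    reasons = []
    # Check 1: does the sender's domain belong to the claimed organization?
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    expected = expected_domain.lower()
    if domain in FREEMAIL:
        reasons.append("sender uses a free webmail account")
    elif domain != expected and not domain.endswith("." + expected):
        reasons.append("sender domain is not the organization's domain")
    # Check 2: HTML attachments, the delivery vehicle in the campaign above.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        is_html = part.get_content_type() == "text/html" or name.endswith((".html", ".htm"))
        if part.get_content_disposition() == "attachment" and is_html:
            reasons.append("HTML attachment: " + name)
    return reasons


def build_sample(sender, attach_html=True):
    """Build a constructed test message; every value here is made up."""
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = "Re: Salary increase"
    m.set_content("Please see the attached document.")
    if attach_html:
        m.add_attachment("<html></html>", subtype="html", filename="Invoice.html")
    return m.as_string()


if __name__ == "__main__":
    for sender in ("HR <hr.payroll@gmail.com>", "HR <hr@agency.example>"):
        print(sender, "->", triage(build_sample(sender), "agency.example"))
```

The second sample sender passes the domain check yet is still flagged for its HTML attachment, which matters because the campaign used hijacked thread messages.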