The Computer Security Incident Response Team (NCC-CSIRT) of the Nigerian Communications Commission (NCC) has issued a warning that a recent Phishing attack known as Attacks Exploit Windows Zero-Day Vulnerability can install the malicious QBot malware on a compromised device without causing any Windows security alerts.
The vulnerability, which affects all versions of Windows-based products, can be exploited by phishing attacks and malware threats, according to NCC-advisory. CSIRT’s
According to NCC-CSIRT, ProxyLife security researcher found a new phishing attack on a Windows zero-day vulnerability that allows Qbot malware to be dropped without displaying security warnings for Mark of the Web (MoTW).
The most recent phishing attempt starts with an email that includes a link to an ostensibly critical document and a password for the file.
“A password-protected ZIP folder containing another zip file and an IMG file is downloaded when the link is clicked.
Because the JS file is an Internet-based file, Windows normally issues a Mark of the Web security warning when it is launched. The falsified signature, on the other hand, enables the JS script to run and load the malicious QBot application without invoking any Windows security alerts, according to the advice.
As a result, NCC-CSIRT encouraged users to deploy upgrades in accordance with vendor instructions.
The NCC established the CSIRT as the telecom industry’s cyber security incident center to focus on occurrences that may have an impact on telecom users and the general public.
The Federal Government founded ngCERT to lessen the frequency of future computer risk situations by preparing, safeguarding, and securing Nigerian cyberspace to prevent attacks, difficulties, or associated events. The CSIRT also collaborates with ngCERT.