The Nigerian Communications Commission Computer Security Incident Response Team (NCC-CSIRT) has warned that new phishing attacks exploiting a zero-day vulnerability in the Windows operating system can load QBot malware on the compromised device without triggering any Windows security alerts.
In its advisory, NCC-CSIRT noted that the vulnerability, which is present in all versions of Windows-based products, manifests itself as both phishing attacks and malware threats.
NCC-CSIRT reports that security researcher ProxyLife discovered a new phishing campaign that exploits a Windows zero-day vulnerability to drop QBot malware without displaying Mark of the Web (MoTW) security warnings.
When the link is clicked, a password-protected ZIP folder is downloaded that includes another ZIP file and an IMG file. Running a JS file in Windows usually results in a Mark of the Web security warning because it is an Internet-based file. However, the fake signature allows the JS script to run and load the QBot malware without triggering any Windows security alerts.
Accordingly, NCC-CSIRT has advised users to apply the updates in accordance with the vendor’s instructions.
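As a triage aid alongside patching, the added example below (not part of the NCC-CSIRT advisory) flags JS files whose embedded signature block is structurally broken. It assumes the Windows Script Host convention of carrying the signature as base64 in `// SIG //` comment lines; the advisory does not say how the signature was faked, and the check does not validate the signature cryptographically.

```python
import base64
import binascii

BEGIN = "// SIG // Begin signature block"
END = "// SIG // End signature block"
PREFIX = "// SIG // "

def extract_payload(script_text):
    """Return the base64 payload of the SIG comment block, or None if unsigned."""
    lines = [ln.strip() for ln in script_text.splitlines()]
    if BEGIN not in lines or END not in lines:
        return None
    body = lines[lines.index(BEGIN) + 1:lines.index(END)]
    return "".join(ln[len(PREFIX):] for ln in body if ln.startswith(PREFIX))

def looks_like_der_sequence(blob):
    """Heuristic: blob starts with a DER SEQUENCE whose declared length fits."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    if blob[1] < 0x80:                      # short-form length
        return 2 + blob[1] <= len(blob)
    n = blob[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(blob) < 2 + n:
        return False
    return 2 + n + int.from_bytes(blob[2:2 + n], "big") <= len(blob)

def triage(script_text):
    """Classify a script as unsigned, plausible-signature or malformed-signature."""
    payload = extract_payload(script_text)
    if payload is None:
        return "unsigned"
    try:
        blob = base64.b64decode(payload, validate=True)
    except (binascii.Error, ValueError):
        return "malformed-signature"
    return "plausible-signature" if looks_like_der_sequence(blob) else "malformed-signature"

def wrap(payload):
    """Build a constructed sample script carrying the given SIG payload."""
    return "\n".join(["WScript.Echo('sample');", BEGIN, PREFIX + payload, END])

# Constructed samples (not real signatures): a tiny valid DER SEQUENCE and a corrupted block.
GOOD = wrap(base64.b64encode(b"\x30\x03\x02\x01\x05").decode())
BAD = wrap("@@corrupted-signature@@")

if __name__ == "__main__":
    for name, text in [("unsigned", "WScript.Echo('x');"), ("good", GOOD), ("bad", BAD)]:
        print(name, "->", triage(text))
```

A `malformed-signature` result on a script that arrived inside an archive or disk image is a reason to quarantine the file for analysis rather than proof of compromise.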
CSIRT is the Cybersecurity Incident Center for the Telecom Sector, established by the NCC to focus on incidents in the telecom sector as they may affect telecom consumers and citizens in general.
CSIRT also works collaboratively with ngCERT, which was established by the Federal Government to reduce the scale of future computer risk incidents by preparing, protecting and securing Nigerian cyberspace to prevent attacks and related issues or events.