New version of Qakbot Trojan may exploit a ‘zero day’ flaw in Windows and escalate system privileges


A group of researchers has discovered a new version of the Qakbot Trojan with new functionality: it can exploit a Windows zero-day vulnerability to escalate operating system privileges.

Kaspersky experts recognized a possible vulnerability in the operating system developed by Microsoft on April 1 through a document uploaded to the VirusTotal platform, which described an exploitation process identical to the exploit for another flaw, CVE-2023-36033.

Although they suspected that the new flaw could be fictitious or unexploitable, the team continued their investigation and warned that the vulnerability, registered as CVE-2024-30051, was capable of escalating operating system privileges.

Kaspersky then began monitoring attacks using the flaw and, in mid-April, detected an exploit for it, which was observed being used with Qakbot and other malware.

QakBot, also known as QBot or Pinkslipbot, is malware active since 2007 that from the beginning has spread through emails with malicious links, with which it manages to infect victims' computers.

Although its primary purpose is to seize login credentials for online banking, it has also been used as a delivery mechanism for other types of malware and can act as a remote access trojan (RAT).

Likewise, the cybersecurity firm has clarified in a press release that this Trojan has acquired new functionality: keylogging, that is, running a program in the background to record victims' keystrokes, as well as email theft and the ability to spread and install ransomware.

The firm also recalled that this malware, now directed at the Microsoft operating system, is known “for its frequent updates and improvements, which makes it a persistent threat in the security landscape,” according to the statement.

It also said that, in recent years, Qakbot has been observed using other botnets, such as Emotet, for its distribution. For this reason, the firm has updated its services, with versions that are capable of detecting the exploitation of CVE-2024-30051.

 