Security researchers have discovered that QBot malware is now using the legitimate Windows Calculator app for DLL side-loading attacks. The method continues to be used in current malspam campaigns.
QBot is a Windows-targeting piece of malware that first started as a banking trojan in 2007, but has since evolved into a malware dropper that's often used by ransomware gangs. Some of the ransomware families that QBot is known to deliver include RansomExx, Maze, ProLock, Egregor and Black Basta. By installing QBot through a trusted program like the Windows Calculator, threat actors can evade detection from many traditional cybersecurity solutions.
The Advanced Email Security pack for Acronis Cyber Protect Cloud detects emails with malicious attachments or URLs and filters them automatically, preventing these threats from ever reaching users' inboxes.
About Acronis
Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 2,000 employees in 45 locations. Acronis Cyber Protect solution is available in 26 languages in over 150 countries and is used by 18,000 service providers to protect over 750,000 businesses.