Users of Gmail, Hotmail, Outlook, and other email services should be wary of a dangerous message that can wipe out their Windows PCs with a single click, according to security experts.
(Photo : LAURIE DIEFFEMBACQ/BELGA MAG/AFP via Getty Images)
Illustration picture shows a mobile phone and a laptop with the Google website, Monday 14 December 2020. Google is experiencing major technical difficulties in their services worldwide, resulting in problems with for example their e-mail service GMail and video channel website You Tube.
Malicious actors are using a Microsoft vulnerability that has yet to be repaired to spread the hazardous Qbot banking trojan virus, reported first by Express UK.
This dangerous software has been discovered in infected Word documents that are being sent over email, and all it takes for a victim’s PC to be infected is one click on the file.
This dangerous spyware can steal personal credentials for Windows and banking services in addition to sensitive personal and financial data.
Threat actors can use the Qbot malware to install a backdoor on affected Windows devices and offer ransomware gangs remote access.
The CVE-2022-30190 vulnerability was revealed by Proofpoint researchers, who posted about it on the security company’s Threat Insight Twitter account.
Proofpoint discovered #TA570 abusing CVE-2022-30190 to spread #Qbot malware, according to their tweet. Additionally, threat actors employed thread hijacked communications with HTML attachments that, when opened, drop a zip archive.
— Threat Insight (@threatinsight) June 7, 2022
“Archive contains an IMG with a Word doc, shortcut file, and DLL. The LNK will execute the DLL to start Qbot. The doc will load and execute an HTML file containing PowerShell abusing CVE-2022-30190 used to download and execute Qbot,” the security experts explained.
Read also: Gmail Hack 2022: How to Backup Your Text Messages from Your Android Phone to Gmail
How to Avoid Phishing Scams?
In order to get people into clicking and unintentionally downloading the dangerous attachments, scammers use bogus invoices, including payment and banking details, scanned documents, and bills to trick the victims into opening the harmful downloads.
One email spreading the hoax, according to Proofpoint, purportedly alerted employees of government agencies in the United States and Europe by sending messages indicating that they had earned a wage raise.
To make sure that you will never become a victim of phishing scams, it is highly suggested that you must adopt the standard best practices of staying safe in the online world.
This includes not clicking on links or attachments in unsolicited emails from addresses you aren’t familiar with, or if you encounter suspicious and unauthorized messages, it is better to put them in the trash.
Furthermore, the principle of verification is also a must. If your bank or any company that you’re affiliated with sends you a suspicious message, verify them first by contacting the companies or organizations behind them.
In fact, the simplest way of spotting a scam or harmful message is by taking a closer look at the email address of the sender. Hence, before opening the actual message, you must verify the address first.
Related Article: Latest Email Scam Targets Gmail, Outlook Users: How to Avoid this Vishing Attack?
This article is owned by Tech Times
Written by Joaquin Victor Tacla
ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.