QBOT – A HTML Smuggling technique to target victims

QBot, also known as Qakbot, QuackBot, and Pinkslipbot, is a Banking Trojan that was first observed in 2007. Today, Qbot is still a vicious and persistent threat to organizations and has become one of the leading Banking Trojans globally. Over the years, it has changed its initial techniques to deliver payloads like using VBA macros, […]

Multi-Staged JSOutProx RAT Targets Indian Co-operative Banks and Finance Companies

Quick Heal Security Labs has been monitoring various attack campaigns using JSOutProx RAT against different SMBs in the BFSI sector since January 2021. We have found multiple payloads being dropped at different stages of its operations. Although the RAT campaigns have also been previously reported in other countries, those targeting Indian companies are operated […]

CVE-2018-4990 – Adobe Reader Double Free (Zero Day) vulnerability alert!

The recent zero-day vulnerability CVE-2018-4990 in Adobe Reader enables attackers to perform Remote Code Execution on targeted machines. Adobe released security advisory APSB18-09 on May 14, 2018 to address this issue. According to Adobe, the in-the-wild attack is targeted and impacts a limited number of Windows users. Vulnerable versions: Acrobat DC 2018.011.20038 and earlier […]

An in-depth analysis of a new, emerging “.url” malware campaign – by Quick Heal Security Labs

Last week, we blogged about the emergence of a new attack vector, ‘.url’, which is used to spread malware. In this blog post, we will deep-dive into the attack chain of this ‘.url’ vector and elaborate on the Quant Loader malware, which is actively making use of it. Let’s take a look at the […]

Web security basics: Watering hole attacks VS phishing attacks

Computer users who are well versed in security threats know why and how clever phishing pages must be avoided. Clear signs help to identify fake phishing pages, but what does one do against a “watering hole attack”? What exactly is a watering hole attack? A watering hole attack is a technique whereby users are profiled […]

As another Java flaw is discovered, is it time to disable Java completely?

After a massive Java 0-day vulnerability surfaced in August 2012, Oracle released an out-of-cycle update to combat the exploit. However, we advised our readers to simply disable Java on their web browsers to avoid the threat. Java has now become a highly vulnerable program that causes more trouble than it is worth and this is […]