QBot Uses a Windows Defender Template to Trick Victims

QBot is a botnet that affects Windows devices. It is one of the many threats on the Internet that, in one way or another, can put users' security and the proper functioning of systems at risk. In this article we cover a news report on how this malware uses Windows Defender as bait to achieve its goal and steal passwords.

QBot botnet uses Windows Defender as bait

Having security tools today is very important, and there are many options at our disposal: many types of antivirus, both free and paid, for all systems, as well as other kinds of security tools intended to protect computers properly.

Windows Defender is a very popular antivirus, present on many users' machines. This means that if attackers use it as a lure, it may not raise suspicion among victims.

The QBot botnet uses a new template for its malware distribution, one with a fake Windows Defender theme. The goal is to trick the victim into enabling macros in an Excel file.

If the victim enables the macros in that file, the threat can run and steal credentials and passwords. As we can see, this puts our privacy and security at risk. It can also provide remote access to install ransomware.

Victims usually get infected with QBot through another malware infection or through phishing campaigns that use various lures, including fake invoices, bank and payment information, scanned documents or invoices. Attached to these malicious emails are Excel files. When opened, they ask the user to enable the content. If the user does so, the computer can become infected.

Windows Defender template as bait

To deceive the victim, attackers make use of document templates. These templates usually appear to come from legitimate organizations or from our own system. In the case of QBot, a Windows Defender template is used to gain the victim's trust.

The template is designed to look like an alert from the popular Microsoft antivirus, something users will recognize precisely because it is so widely used. They then see that they need to enable the content to read the information in the file. Since it appears to be Windows Defender, software that in theory should be reliable, they trust it and open it.

The problem is that the malware runs when that content is enabled. This is where the security problems that compromise our computer begin.

All this makes it very important to know how to detect these types of malicious files. Common sense must be more present than ever, so that we avoid mistakes that could compromise us. It is essential not only to have a good antivirus, but also to keep our computers updated with the latest patches to correct possible vulnerabilities.
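
One way to check an Excel attachment for macro content before anyone opens it and is asked to "enable content", as an added example that is not from the original article. The function names and verdict strings are assumptions made for illustration, and the sample files are constructed inline.

```python
import io
import zipfile

# Header of the legacy OLE2 compound file format (.xls, .doc)
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def triage_attachment(data: bytes) -> dict:
    """Inspect an attachment's container for macro parts without opening it in Excel."""
    result = {"container": "unknown", "macro_parts": [], "verdict": "not-an-office-container"}
    if data.startswith(OLE2_MAGIC):
        # Legacy binary workbooks can embed macros; confirming needs an OLE parser.
        result.update(container="ole2", verdict="hold-for-analysis")
        return result
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    result["container"] = "zip-package"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            lower = name.lower()
            # VBA project stream, or Excel 4.0 macro sheets stored in the package
            if lower.endswith("vbaproject.bin") or "/macrosheets/" in lower:
                result["macro_parts"].append(name)
    result["verdict"] = "macros-present" if result["macro_parts"] else "no-macros-found"
    return result


def build_sample(with_macro: bool) -> bytes:
    """Constructed test input: a minimal zip laid out like a workbook package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"placeholder, not a real VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("macro workbook", build_sample(True)),
                        ("plain workbook", build_sample(False)),
                        ("legacy binary", OLE2_MAGIC + b"\x00" * 24)]:
        print(label, "->", triage_attachment(blob))
```

A `no-macros-found` result only means the package carries no macro parts; it says nothing about other content in the file.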