December 15, 2022

Microsoft has fixed a security vulnerability that permitted malicious hackers to circumvent Windows SmartScreen security and distribute Magniber ransomware and Qbot malware payloads.

This comes after Microsoft has been working to fix it since late October, when HP’s threat intelligence team issued the first warning after the vulnerability was exploited multiple times in the wild.

The infected standalone JavaScript files were used to exploit the CVE-2022-44698 zero-day vulnerability and circumvent Windows’ Mark-of-the-Web security warnings.

The CVE-2022-44698 vulnerability was exploitable via three attack vectors: First, In a web-based attack scenario, an attacker could host a malicious website that exploits the security feature bypass.

Second, To exploit the bypass in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted.url file. Third, compromised websites or websites that accept or host user-provided content may contain specially crafted content designed to circumvent security features.

Qbot (AKA Quakbot) is an old and well-known banking trojan that continues to pose a significant threat to victims by tricking them into opening malicious files or visiting attacker-controlled websites.

The sources for this piece include an article in BleedingComputer.