QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.
This attack is made through embedded SVG files containing JavaScript that reassemble a Base64 encoded QBot malware installer that is automatically downloaded through the target’s browser.
QBot is a Windows malware arriving via a phishing email that loads other payloads, including Cobalt Strike, Brute Ratel, and ransomware.
Read more…
Source: Bleeping Computer