Qbot malware now uses Windows MSDT zero-day in phishing attacks


A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware.

Proofpoint first reported Monday that the same zero-day was used in phishing targeting US and EU government agencies.

Last week, the enterprise security firm also revealed that the Chinese TA413 hacking group is exploiting the bug in attacks targeting the Tibetan diaspora.

Read more…
Source: Bleeping Computer