QBot phishing abuses Windows Control Panel EXE to infect devices


Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software.

DLL hijacking is a common attack method that takes advantage of how Dynamic Link Libraries (DLLs) are loaded in Windows.

When a Windows executable is launched, it will search for any DLL dependencies in the Windows search path. However, if a threat actor creates a malicious DLL using the same name as one of the program’s required DLLs and stores it in the same folder as the executable, the program would load that malicious DLL instead and infect the computer.

Read more…
Source: Bleeping Computer