Sunday, November 10, 2024
Homecyber securityQakBot Malware Exploiting Windows Zero-Day To Gain System Privileges

QakBot Malware Exploiting Windows Zero-Day To Gain System Privileges

Published on

Malware protection

Hackers exploit the Windows zero-day vulnerabilities, as they offer great advantages.

This means that no patches or defenses exist for zero-day vulnerabilities as software vendors are unaware of them, consequently, hackers have a certain period to start their attacks before the vulnerability is found and stopped.

Exploiting these flaws allows hackers to access many users, get important data, or take over systems.

- Advertisement - SIEM as a Service

Cybersecurity researchers at Kaspersky recently identified that the QakBot malware has been actively exploiting the Windows zero-day to gain system privileges.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

QakBot Malware Exploiting Windows Zero-Day

In early April 2024, while investigating the previously disclosed Windows DWM Core Library EoP vulnerability CVE-2023-36033, researchers at Kaspersky discovered a VirusTotal document from April 1st describing a new, unpatched Windows Desktop Window Manager (DWM) vulnerability that could also lead to system privilege escalation. 

Despite poor writing quality and missing exploitation details, analysis confirmed this was a new “zero-day.” 

Kaspersky reported their findings to Microsoft, leading to the designation “CVE-2024-30051” and a patch released on May 14, 2024, as part of that month’s Patch Tuesday updates.

After reporting the Windows DWM zero-day CVE-2024-30051 to Microsoft, Kaspersky closely monitored for related exploits. 

In mid-April, an exploit was discovered that was being used to deliver QakBot and other malware, indicating multiple threat actors had access to this vulnerability. 

Kaspersky plans to publish technical details once users have time to patch and currently detect exploitation attempts and associated malware with the following rulings:-

  • PDM:Exploit.Win32.Generic
  • PDM:Trojan.Win32.Generic
  • UDS:DangerousObject.Multi.Generic
  • Trojan.Win32.Agent.gen
  • Trojan.Win32.CobaltStrike.gen

Protecting users and systems necessitates responsible disclosure of zero-day vulnerabilities and patching.

However, the rapid exploitation of this zero-day by multiple threat actors distributing malware like QakBot also highlights why users and organizations must remain vigilant and apply security updates promptly.

To mitigate zero days until patches can be installed, security researchers must employ ongoing monitoring and behavior-based detection capabilities.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...

Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

HookBot Malware Use Overlay Attacks Impersonate As Popular Brands To Steal Data

The HookBot malware family employs overlay attacks to trick users into revealing sensitive information...

ToxicPanda Banking Malware Attacking Banking Users To Steal Logins

Recent research has uncovered a new strain of malware developed for Android devices, initially...

APT36 Hackers Attacking Windows Deevices With ElizaRAT

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware...