Tuesday, November 12, 2024
Homecyber securityQakBot Malware Exploiting Windows Zero-Day To Gain System Privileges

QakBot Malware Exploiting Windows Zero-Day To Gain System Privileges

Published on

Malware protection

Hackers exploit the Windows zero-day vulnerabilities, as they offer great advantages.

This means that no patches or defenses exist for zero-day vulnerabilities as software vendors are unaware of them, consequently, hackers have a certain period to start their attacks before the vulnerability is found and stopped.

Exploiting these flaws allows hackers to access many users, get important data, or take over systems.

- Advertisement - SIEM as a Service

Cybersecurity researchers at Kaspersky recently identified that the QakBot malware has been actively exploiting the Windows zero-day to gain system privileges.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

QakBot Malware Exploiting Windows Zero-Day

In early April 2024, while investigating the previously disclosed Windows DWM Core Library EoP vulnerability CVE-2023-36033, researchers at Kaspersky discovered a VirusTotal document from April 1st describing a new, unpatched Windows Desktop Window Manager (DWM) vulnerability that could also lead to system privilege escalation. 

Despite poor writing quality and missing exploitation details, analysis confirmed this was a new “zero-day.” 

Kaspersky reported their findings to Microsoft, leading to the designation “CVE-2024-30051” and a patch released on May 14, 2024, as part of that month’s Patch Tuesday updates.

After reporting the Windows DWM zero-day CVE-2024-30051 to Microsoft, Kaspersky closely monitored for related exploits. 

In mid-April, an exploit was discovered that was being used to deliver QakBot and other malware, indicating multiple threat actors had access to this vulnerability. 

Kaspersky plans to publish technical details once users have time to patch and currently detect exploitation attempts and associated malware with the following rulings:-

  • PDM:Exploit.Win32.Generic
  • PDM:Trojan.Win32.Generic
  • UDS:DangerousObject.Multi.Generic
  • Trojan.Win32.Agent.gen
  • Trojan.Win32.CobaltStrike.gen

Protecting users and systems necessitates responsible disclosure of zero-day vulnerabilities and patching.

However, the rapid exploitation of this zero-day by multiple threat actors distributing malware like QakBot also highlights why users and organizations must remain vigilant and apply security updates promptly.

To mitigate zero days until patches can be installed, security researchers must employ ongoing monitoring and behavior-based detection capabilities.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Maximizing Agent Productivity And Security With Workforce Management Software In Contact Centers

In the bustling world of customer service, the stakes are perpetually high—every missed call...

HookBot Malware Use Overlay Attacks Impersonate As Popular Brands To Steal Data

The HookBot malware family employs overlay attacks to trick users into revealing sensitive information...