{
	"id": "5224e0e2-ca10-40a1-a0ec-d90b4c750f6b",
	"created_at": "2026-04-06T01:29:50.749596Z",
	"updated_at": "2026-04-10T13:12:22.661885Z",
	"deleted_at": null,
	"sha1_hash": "b5b52846b70b664183a0b53e5ce3a5055cbff1ff",
	"title": "Qbot Botnet Deploys Malware Payloads Through Malicious Windows Installers",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 52138,
	"plain_text": "Qbot Botnet Deploys Malware Payloads Through Malicious\r\nWindows Installers\r\nBy Joseph Henry\r\nPublished: 2022-04-12 · Archived: 2026-04-06 01:04:33 UTC\r\nQbot operators are now relying on infecting systems by installing malware payloads on emails. These files\r\nreportedly have malware-ridden Windows Installers.\r\nAccording to cybersecurity researchers, the threat actors have done this technique for the first time. It's different\r\nfrom their previous tactic which is spreading malware through a document from Microsoft Office.\r\nWhat the Experts Think About Qbot Malware\r\nPhilipp Katzenberger from Unsplash\r\nPer Bleeping Computer's report, the experts thought that the cybercriminals have finally responded to what the\r\nMicrosoft office did earlier this year.\r\nThe Redmond firm said back in February that it will now make it tougher to activate VBA macros in Microsoft\r\nOffice applications. It has reportedly kicked off this month.\r\nIn late 2021, the tech titan noted that the presence of many \"malicious macros\" in the Office documents\r\n(pertaining to the Excel 4.0 macros) had been evident among the attackers.\r\nhttps://www.techtimes.com/articles/274190/20220412/qbot-botnet-deploys-malware-payloads-through-malicious-windows-installers.htm\r\nPage 1 of 2\n\nTo evade further security detection systems, the threat actors make use of Excel 4.0 macros. However, to properly\r\nexecute them, they will be required to manually activate them because Microsoft disabled it by default.\r\nAs such, Microsoft had done a great job in preventing hackers from gaining access to its apps. The widespread\r\nphishing schemes have been hitting Office applications. 
The tactic will also hinder cybercriminals from\r\ninvading systems with various malware including TrickBot, Emotet, and Qbot, to name a few.\r\nThe History of Qbot\r\nFor those unfamiliar with Qbot, it is notorious malware known to have been hitting Windows since 2007. When it\r\ninfiltrates a system, it can gain access to the user's financial information, as well as some confidential details\r\nincluding passwords and email addresses.\r\nThe actors rely on compromising a particular network through an exploit. Previously, it has been seen\r\n\"aggressively\" attacking Active Directory admin accounts.\r\nA myriad of dangerous cyberhacking groups have already used it, including REvil, MegaCortex, PwndLocker,\r\nProLock, and more ransomware gangs.\r\nOver the past years, IT admins and security analysts have learned to effectively suppress the Qbot botnet. Since\r\nit's known to launch disruptive attacks on its victims, the professionals have gotten used to its signs and what\r\npreventive measures can best stop it.\r\nIn other news, ZDNet reported that attackers are now taking advantage of the Spring4Shell flaw to spread botnet\r\nmalware to their targets.\r\nParticularly, cybersecurity firms such as Qihoo 360 and Trend Micro discovered this incident in late March.\r\nPer Trend Micro analysts, the findings concluded that the Spring4Shell exploitation was clearly seen in the most\r\nvulnerable servers. The hackers have used the Mirai botnet malware to hit several systems in Singapore.\r\nAnother group of researchers from Unit 42 (Palo Alto Networks) noted that the hackers made use of this flaw as\r\ntheir weapon. 
With that being said, cybercriminals have already abused it on a wide scale.\r\nThis article is owned by Tech Times\r\nSource: https://www.techtimes.com/articles/274190/20220412/qbot-botnet-deploys-malware-payloads-through-malicious-windows-installers.htm",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.techtimes.com/articles/274190/20220412/qbot-botnet-deploys-malware-payloads-through-malicious-windows-installers.htm"
	],
	"report_names": [
		"qbot-botnet-deploys-malware-payloads-through-malicious-windows-installers.htm"
	],
	"threat_actors": [],
	"ts_created_at": 1775438990,
	"ts_updated_at": 1775826742,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b5b52846b70b664183a0b53e5ce3a5055cbff1ff.pdf",
		"text": "https://archive.orkl.eu/b5b52846b70b664183a0b53e5ce3a5055cbff1ff.txt",
		"img": "https://archive.orkl.eu/b5b52846b70b664183a0b53e5ce3a5055cbff1ff.jpg"
	}
}