The Computer Security Incident Response Team of the Nigerian Communications Commission has issued a warning regarding a vulnerability that is allegedly present in all versions of Windows-based products and poses a risk of malware and phishing attacks.
The Director of Public Affairs for the Commission, Reuben Muoka, issued a warning that the phishing attack on Windows can load harmful QBot malware without invoking any Windows security alerts on the infected system.
The advisory read: “To take advantage of the Windows Mark of the Web zero-day vulnerability, threat actors have switched to a new phishing strategy that involves propagating JS files (plain text files that include JavaScript code) signed with forged signatures. The newest phishing attempt begins with an email that contains a password for the file along with a link to an allegedly important document.
“When the link is clicked, a password-protected ZIP folder that includes another zip file and an IMG file is downloaded. Normally, launching the JS file in Windows would result in a Mark of the Web security warning because it is an Internet-based file.
“However, the forged signature permits the JS script to function and load the malicious QBot program without triggering any Windows security alerts.”
According to the NCC-CSIRT, the new phishing campaign, which exploits the Windows zero-day vulnerability to drop QBot malware without displaying Mark of the Web (MoTW) security warnings, was found by security researcher ProxyLife.
NCC-CSIRT further advised users to frequently apply updates per vendor instructions.
CSIRT was established by the NCC to concentrate on telecom-related issues that can have an impact on customers and the general public.
The Federal Government established ngCERT in order to reduce the frequency of future computer risk incidents.
The ngCERT collaborates with the CSIRT to prevent attacks and to prepare, safeguard, and secure Nigerian cyberspace.