The Qbot botnet is now pushing malware payloads via phishing emails with password-protected ZIP archive attachments containing malicious MSI Windows Installer packages.
This is the first time the Qbot operators are using this tactic, switching from their standard way of delivering the malware via phishing emails dropping Microsoft Office documents with malicious macros on targets' devices.
Security researchers suspect this move might be a direct reaction to Microsoft announcing plans to
kill malware delivery via VBA Office macros in February after
disabling Excel 4.0 (XLM) macros by default in January.
Microsoft has begun rolling out the VBA macro autoblock feature to Office for Windows users in early April 2022, starting with Version 2203 in the Current Channel (Preview) and to other release channels and older versions later.
