QBot operators are exploiting a DLL hijacking flaw in the Windows 10 WordPad executable known as write.exe to avoid detection. The infection may lead to the exposure of a user's email address which could be utilized in future phishing attacks. Furthermore, the impacted device can be infected by downloading other payloads, such as Cobalt Strike, for initial access. Experts revealed attackers can spread laterally throughout the network.