
New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

April 17, 2023

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal.

The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spain, the U.S., Russia, France, the U.K., and Morocco.

QBot (aka Qakbot or Pinkslipbot) is a banking trojan that is known to have been active since at least 2007. Besides stealing passwords and cookies from web browsers, it doubles as a backdoor to inject next-stage payloads such as Cobalt Strike or ransomware.


Distributed via phishing campaigns, the malware has seen constant updates throughout its lifetime that pack in anti-VM, anti-debugging, and anti-sandbox techniques to evade detection. It also emerged as the most prevalent malware for the month of March 2023, per Check Point.

“Early on, it was distributed through infected websites and pirated software,” Kaspersky researchers said, explaining QBot’s distribution methods. “Now the banker is delivered to potential victims through malware already residing on their computers, social engineering, and spam mailings.”

Email thread hijacking attacks are not new. They occur when cybercriminals insert themselves into existing business conversations or initiate new conversations based on information previously gleaned from compromised email accounts.

The goal is to entice victims into opening malicious links or malicious attachments, in this case, an enclosed PDF file that masquerades as a Microsoft Office 365 or Microsoft Azure alert.


Opening the document leads to the retrieval of an archive file from an infected website that, in turn, contains an obfuscated Windows Script File (.WSF). The script, for its part, incorporates a PowerShell script that downloads a malicious DLL from a remote server. The downloaded DLL is the QBot malware.

The findings come as Elastic Security Labs unearthed a multi-stage social engineering campaign that employs weaponized Microsoft Word documents to distribute Agent Tesla and XWorm by means of a custom .NET-based loader.
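
As an added example (not taken from Kaspersky's report or from this article), the sketch below shows how a defender could hunt for the script stage of this chain in process-creation telemetry: a PowerShell process that descends from Windows Script Host running a .wsf file. The event field names, hosts, PIDs and paths are constructed for illustration.

```python
import ntpath
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host binaries
POWERSHELL = {"powershell.exe", "pwsh.exe"}
WSF_ARG = re.compile(r"\.wsf\b", re.IGNORECASE)

# Constructed process-creation events; every host, PID and path is invented.
SAMPLE_EVENTS = [
    {"host": "WS-01", "pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe",
     "cmd": "explorer.exe"},
    {"host": "WS-01", "pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\alice\Downloads\extracted\notice.wsf"'},
    {"host": "WS-01", "pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd.exe /c (constructed)"},
    {"host": "WS-01", "pid": 220, "ppid": 210,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe (constructed arguments)"},
    {"host": "WS-01", "pid": 300, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe"},  # started by the user from explorer: not flagged
    {"host": "WS-02", "pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r"wscript.exe C:\Scripts\logon.vbs"},  # same PID, other host, not .wsf
    {"host": "WS-02", "pid": 220, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe"},
]

def find_wsf_powershell_chains(events):
    """Return (host, script_host_pid, powershell_pid) for each PowerShell
    process descending from a script host that was started on a .wsf file."""
    procs = {(e["host"], e["pid"]): e for e in events}
    hits = []
    for e in events:
        if ntpath.basename(e["image"]).lower() not in POWERSHELL:
            continue
        key, seen = (e["host"], e["ppid"]), set()  # 'seen' stops ancestry loops
        while key in procs and key not in seen:
            seen.add(key)
            parent = procs[key]
            name = ntpath.basename(parent["image"]).lower()
            if name in SCRIPT_HOSTS and WSF_ARG.search(parent["cmd"]):
                hits.append((e["host"], parent["pid"], e["pid"]))
                break
            key = (parent["host"], parent["ppid"])
    return hits
```

Processes are keyed by host and PID only, so over long time windows a real pipeline would also need to account for PID reuse, for instance by keying on a process GUID or start time.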



Some parts of this article are sourced from:
thehackernews.com
