
The Cyber Security News


New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

April 17, 2023

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal.

The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spain, the U.S., Russia, France, the U.K., and Morocco.

QBot (aka Qakbot or Pinkslipbot) is a banking trojan that is known to have been active since at least 2007. Besides stealing passwords and cookies from web browsers, it doubles as a backdoor to inject next-stage payloads such as Cobalt Strike or ransomware.


Distributed via phishing campaigns, the malware has seen constant updates throughout its lifetime that pack in anti-VM, anti-debugging, and anti-sandbox techniques to evade detection. It also emerged as the most prevalent malware for the month of March 2023, per Check Point.

“Early on, it was distributed through infected websites and pirated software,” Kaspersky researchers said, explaining QBot’s distribution methods. “Now the banker is sent to prospective victims through malware now residing on their personal computers, social engineering, and spam mailings.”

Email thread hijacking attacks are not new. They occur when cybercriminals insert themselves into existing business conversations or initiate new conversations based on information previously gleaned from compromised email accounts.

The goal is to entice victims into opening malicious links or malicious attachments, in this case, an enclosed PDF file that masquerades as a Microsoft Office 365 or Microsoft Azure alert.


Opening the document leads to the retrieval of an archive file from an infected website that, in turn, contains an obfuscated Windows Script File (.WSF). The script, for its part, incorporates a PowerShell script that downloads a malicious DLL from a remote server. The downloaded DLL is the QBot malware.
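
A defender's view of the WSF-to-PowerShell step described above, as an added example that is not from Kaspersky's report or the original article: it pairs process-creation events in which a Windows Script Host process running a .wsf file spawns PowerShell. The event field names (`host`, `pid`, `ppid`, `image`, `cmdline`) and the sample records are constructed assumptions, not a real log schema.

```python
import re
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host binaries
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# A path ending in .wsf used as an argument (quoted or not, any case).
WSF_ARG = re.compile(r'\.wsf(?=["\s]|$)', re.IGNORECASE)

def image_name(path):
    """Lower-cased file name of a Windows image path, on any platform."""
    return PureWindowsPath(path).name.lower()

def find_wsf_powershell(events):
    """Return (script_host_event, powershell_event) pairs.

    Events must be in time order. Parents are keyed by (host, pid) so that
    identical PIDs on different machines are not confused.
    """
    wsf_hosts, hits = {}, []
    for ev in events:
        name = image_name(ev["image"])
        if name in SCRIPT_HOSTS and WSF_ARG.search(ev["cmdline"]):
            wsf_hosts[(ev["host"], ev["pid"])] = ev
        elif name in POWERSHELL:
            parent = wsf_hosts.get((ev["host"], ev["ppid"]))
            if parent is not None:
                hits.append((parent, ev))
    return hits

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WS = r"C:\Windows\System32\wscript.exe"
# Constructed sample events (hypothetical hosts, PIDs and paths).
SAMPLE_EVENTS = [
    {"host": "ws-01", "pid": 4100, "ppid": 3020, "image": WS,
     "cmdline": r'"C:\Windows\System32\wscript.exe" "C:\Users\a\AppData\Local\Temp\doc\Notice.WSF"'},
    {"host": "ws-01", "pid": 4188, "ppid": 4100, "image": PS,
     "cmdline": "powershell.exe -NoProfile -Command <constructed placeholder>"},
    # Same PID on another host, but the script host ran a .vbs: not flagged.
    {"host": "ws-02", "pid": 4100, "ppid": 900, "image": WS,
     "cmdline": r"wscript.exe C:\scripts\inventory.vbs"},
    {"host": "ws-02", "pid": 5000, "ppid": 4100, "image": PS,
     "cmdline": "powershell.exe -File inventory.ps1"},
    # PowerShell started from a non-script-host parent: not flagged.
    {"host": "ws-03", "pid": 700, "ppid": 650, "image": PS, "cmdline": "powershell.exe"},
]

if __name__ == "__main__":
    for parent, child in find_wsf_powershell(SAMPLE_EVENTS):
        print(f'{child["host"]}: pid {parent["pid"]} (.wsf) -> PowerShell pid {child["pid"]}')
```

The match covers only the script-to-PowerShell hop; a hit is a lead for triage of the child's network and file activity, not a verdict.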

The findings come as Elastic Security Labs unearthed a multi-stage social engineering campaign that employs weaponized Microsoft Word documents to distribute Agent Tesla and XWorm by means of a custom .NET-based loader.



Some parts of this article are sourced from:
thehackernews.com
