Qbot trojan hijacks email threads to carry out phishing campaigns


The latest variant of this trojan hijacks email threads from Outlook, which it then uses for phishing attacks, says Check Point Research.

Phishing scams are a popular and often effective form of cyberattack because they rely on social engineering and human weakness to achieve their goals. Some are generic in nature, aimed at a large and random group of people. Others are more meticulous and do careful research beforehand to better target specific people. A new phishing campaign investigated by the threat intelligence provider Check Point reveals how the old Qbot trojan is once again being used to phish people by capturing their email threads.


In its blog post Thursday titled "The Old Bot's Nasty New Tricks: Exploring Qbot's Latest Attacks," Check Point describes Qbot (also known as Qakbot and Pinkslipbot) as a famous banking trojan that has been around since 2008. Known for stealing banking account credentials and other financial data from its victims, Qbot is constantly being updated with new features and capabilities.

Although Qbot has been active on and off for more than a decade, a new campaign ran from March to the end of June this year. After a short break, another campaign emerged near the end of July. This one used the infamous Emotet trojan to install an updated version of Qbot on target computers. That finding led Check Point to discover an updated command and control infrastructure and new malware tactics for Qbot, courtesy of Emotet.

Traditionally, Qbot has been able to perform a number of malicious actions, such as:

  • Stealing information from infected devices, including passwords, emails, and credit card details.
  • Installing other malware on infected machines, including ransomware.
  • Allowing the bot controller to connect to the victim's computer (even when the victim is logged in) to conduct banking transactions from the victim's IP address.

But the latest variant, discovered in early August, has a new trick up its sleeve: collecting email messages. Once a computer is infected, Qbot activates a special "email collection module", which extracts email threads from the Microsoft Outlook client and uploads them to a remote server. Attackers use these stolen threads for phishing campaigns by making their own scam emails appear to be part of the conversation. Check Point said it found hijacked threads with topics such as COVID-19, tax payment reminders, and job hiring.
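As an added example (not from Check Point or the original article), here is a defender-side heuristic for the thread hijacking described above: flag an inbound "reply" whose sender never took part in the thread it claims to continue. The header logic, function names, and sample messages are assumptions constructed for illustration; the article does not describe the headers of the phishing emails.

```python
import re
from email import message_from_string
from email.utils import getaddresses

def addresses(msg, *headers):
    """Lower-cased addresses found in the given headers of a parsed message."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def normalize_subject(subject):
    """Strip reply/forward prefixes so 'RE: Re: x' and 'x' compare equal."""
    return re.sub(r"^\s*((re|fw|fwd)\s*:\s*)+", "", subject or "", flags=re.I).strip().lower()

def index_threads(mailbox):
    """Map known Message-IDs and normalized subjects to their participants."""
    by_id, by_subject = {}, {}
    for msg in mailbox:
        people = addresses(msg, "From", "To", "Cc")
        by_id.setdefault((msg["Message-ID"] or "").strip(), set()).update(people)
        by_subject.setdefault(normalize_subject(msg["Subject"]), set()).update(people)
    return by_id, by_subject

def hijack_reasons(msg, by_id, by_subject):
    """Return the reasons an inbound 'reply' looks like a hijacked thread."""
    sender = addresses(msg, "From")
    raw = " ".join(msg.get_all("In-Reply-To", []) + msg.get_all("References", []))
    refs = re.findall(r"<[^>]+>", raw)
    reasons = [f"references {ref} but sender was never on that thread"
               for ref in refs if ref in by_id and not sender & by_id[ref]]
    # Fallback: the reply headers are missing but the subject of a known thread is reused.
    subject = msg["Subject"] or ""
    known = by_subject.get(normalize_subject(subject))
    if re.match(r"\s*re\s*:", subject, re.I) and known is not None and not refs and not sender & known:
        reasons.append("reuses a known thread subject without reply headers")
    return reasons

# Constructed sample data: one real thread message and two inbound "replies".
LEGIT = message_from_string(
    "From: alice@example.com\nTo: bob@example.org\n"
    "Message-ID: <t1@example.com>\nSubject: Q3 tax payment reminder\n\nbody")
GENUINE = message_from_string(
    "From: bob@example.org\nTo: alice@example.com\n"
    "In-Reply-To: <t1@example.com>\nSubject: Re: Q3 tax payment reminder\n\nok")
SPOOFED = message_from_string(
    "From: billing@example.net\nTo: alice@example.com\n"
    "In-Reply-To: <t1@example.com>\nSubject: RE: Q3 tax payment reminder\n\nsee attached")

if __name__ == "__main__":
    by_id, by_subject = index_threads([LEGIT])
    for name, m in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, hijack_reasons(m, by_id, by_subject))
```

This check only covers replies sent from an address outside the thread; a hijacked reply sent from a real participant's own compromised mailbox would pass it and needs content and attachment inspection instead.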


Image: Check Point Research

"Our research shows how even older forms of malware can be updated with new features to make them a dangerous and persistent threat," Yaniv Balmas, head of cyber surveillance at Check Point, said in a press release. threat behind Qbot investing heavily in its development to enable large-scale data theft from organizations and individuals. We saw active malspam campaigns circulating Qbot directly, as well as the use of third-party infection infrastructures like Emotet for distribution. the danger even longer."

To protect yourself and your organization from Qbot attacks and other phishing scams, Check Point offers the following tips:

  1. Incorporate email security. Email is the No. 1 vector attackers use to hijack networks and PCs to steal data. Phishing emails that bait users into exposing their organization credentials or clicking on a malicious link or file are the No. 1 threat in the email space. Organizations must always include an email security solution that is designed to prevent these attacks automatically by using constantly updated security engines.
  2. Be suspicious. Be wary of emails that contain unfamiliar attachments or unusual requests, even if they appear to come from trusted sources. It is always best to check an email to make sure it is legitimate before clicking on a link.
  3. Add confirmation. When dealing with bank transfers, always be sure to obtain a second confirmation by calling the person who requested the transfer or by calling the receiving party.
  4. Contact business partners. If an email breach has been detected in your organization, notify all of your business partners. Any delay in notification only works to the attacker's advantage.

