
QBot Trojan Uses Compromised Emails to Spread Malware

May 5, 2023
Esme Greene

According to Kaspersky Lab, a new QBot malware campaign is making its way through compromised business emails, installing malware on the devices of unsuspecting victims.

The QBot malware is a type of malicious software that is currently spreading through compromised business emails. Its goal is to deceive unsuspecting victims into downloading the virus onto their devices, where it can steal critical information such as passwords and cookies from web browsers. The malware can also function as a backdoor, enabling cybercriminals to introduce other harmful payloads, like ransomware or Cobalt Strike.

The malicious software referred to as QBot, also recognized as Qakbot or Pinkslipbot, has been in existence since 2007 and has undergone numerous revisions to avoid being detected and scrutinized by security experts. Its usual distribution method is via phishing attempts, and it is currently focusing on victims in a range of countries. According to CheckPoint analysts, QBot became the most common malware in March 2023.

In the latest QBot campaign, cybercriminals are using a fake PDF file to deceive their victims. Once the victim clicks on the “Open” button, they’re directed to a website to download a ZIP archive. The archive contains an obfuscated Windows script file with a “.wsf” extension that executes a PowerShell script, ultimately resulting in the installation of QBot malware on the victim’s computer.
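As an added illustration of how a defender might catch the chain just described (this is example code written for this page, not code from the original article or from Kaspersky), the following Python snippet flags process-creation events in which a Windows script host running a ".wsf" file spawns PowerShell, and scans a ZIP attachment for ".wsf" entries. The event fields, file names and paths are constructed samples.

```python
import io
import zipfile

# Constructed Sysmon-style process-creation events; not real telemetry.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\wscript.exe",
     "ParentCommandLine": r'"C:\Windows\System32\wscript.exe" C:\Users\u\Downloads\Invoice\Invoice.wsf',
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe <obfuscated command omitted>"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": "explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-Process"},
]

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
POWERSHELL = ("powershell.exe", "pwsh.exe")


def _basename(path):
    """Return the lower-cased file name from a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]


def is_wsf_to_powershell(event):
    """True when a script host executing a .wsf file launches PowerShell."""
    parent = _basename(event.get("ParentImage", ""))
    child = _basename(event.get("Image", ""))
    ran_wsf = ".wsf" in event.get("ParentCommandLine", "").lower()
    return parent in SCRIPT_HOSTS and ran_wsf and child in POWERSHELL


def flag_events(events):
    """Return only the events matching the .wsf -> PowerShell chain."""
    return [e for e in events if is_wsf_to_powershell(e)]


def wsf_entries(zip_bytes):
    """List .wsf members inside a ZIP payload (e.g. a mail-gateway attachment check)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(".wsf")]


def build_sample_zip():
    """Build a constructed ZIP containing a harmless .wsf stub for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.wsf", "<job><script language='JScript'>// stub</script></job>")
        zf.writestr("readme.txt", "constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    print(flag_events(SAMPLE_EVENTS))
    print(wsf_entries(build_sample_zip()))
```

In a real deployment the same two checks would run on the endpoint's process telemetry and at the mail gateway, respectively, before the archive ever reaches a user.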

Email hijacking attacks are not a new phenomenon; they occur when cybercriminals break into ongoing business conversations or start new ones using information obtained through hacked email accounts. The aim of such attacks is to trick targets into clicking on harmful links or downloading malicious attachments, which could result in damage not only to the individual but also to the entire organization.

Once the QBot malware infects a computer, it can steal sensitive data within thirty minutes and infect neighboring workstations within an hour, potentially causing widespread damage. It’s critical to be vigilant when receiving emails, especially from unknown sources, and avoid clicking on links or downloading attachments without verifying their authenticity first.