Qbot Malware Can Read Your Email

Uploaded on 2022-02-16 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

A new phishing campaign analysed by threat intelligence provider Check Point reveals how the old malware trojan has been repurposed to phish people by capturing their email threads. This malware called Qbot continues to target Windows PCs and other devices with new effectiveness. Although the malware first emerged in 2007, it remains a threat to Windows users. 

Qbot, otherwise known as Qakbot or QuakBot, is an old software threat to Windows users that pre-dates the first iPhone and has been continually developed.  Known for collecting browsing data and stealing banking credentials and other financial information from victims. It is highly structured, multi-layered, and is being continuously developed with new features to extend its capabilities.

Now, it appears that Qbot has gained a module that reads through email threads to improve the message’s apparent legitimacy to victims. In October, cyber security research company DFIR was able to obtain a sample of the malware and conduct analysis on its current form, finding that the tool is still able to easily exploit key apps, including Microsoft Outlook. 

The malware’s operators rely on clickable phishing messages, and deploy social engineering tactics in the form of tax payment reminders, job offers, and Covid-19 alerts to lure victims into clicking malicious links.

More specifically, the analysts report that it takes half an hour for the adversaries to steal browser data and emails from Outlook and 50 minutes before they jump to an adjacent workstation. DFIR found that there are certain cases where initial access was unknown, however, was it is likely delivered through a Microsoft Excel document that was configured by the attackers to download malware from a web page. 

Windows users should be aware of the ongoing threat and exercise caution when clicking email links from unknown or unexpected addresses. The malware hides malicious processes and creates scheduled tasks to persist on a machine. Once running on an infected device, it uses multiple techniques for lateral movement.

Qbot’s authors leverage legitimate Microsoft tools to their advantage, effectively raiding an entire network within 30 minutes of the victim’s click and they have now branched out to ransomware.

  • Security firm Kaspersky has said that Qbot malware has infected 65% MORE PCS in the six months to July 2021 compared to last year.
  • Microsoft has highlighted the effectiveness of Qbot malware for its modular design that makes it difficult to detect. 
  • The FBI has warned that Qbot trojans are used to distribute ProLock, a "human-operated ransomware". 

Regardless of how a Qbot malware infection is delivered, it is essential to remember that almost all begin with an email and this is the main access point that organisations need to strengthen.

Current malware counter measures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads. Linux is the most common cloud operating system and is a core part of digital infrastructure and is quickly becoming an attackers' favoured rout ro access a multi-cloud  environment.  All of these cyber security issues need far more attention.

CheckPoint:    DFIR REport:    Microsoft:    HelpNet Security:    TechRepublic:   Oodlaoop:    FBI:     

ZDNet:    Bleeping Computer:    

You Might Also Read: 

Beware PowerPoint Files With Hidden Malware:

 

« Russian Cyber Attacks On Ukraine Increase
Cyber Security Regulations For Smart Devices »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

ERMProtect

ERMProtect

ERMProtect is a leading Information Security & Training Company that helps businesses improve their cybersecurity posture and comply with regulations.

iSecurity Consulting

iSecurity Consulting

iSecurity delivers a complete lifecycle of digital protection services across the globe for public and private sector clients.

AwareGO

AwareGO

AwareGO is a global provider of security awareness training content and solutions that help enterprises improve cybersecurity awareness in the workplace.

GuardDog.ai

GuardDog.ai

guardDog.ai has developed a cloud-based software service with a companion device that work together to simplify network security.

Horizon3.ai

Horizon3.ai

Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective through our NodeZero SaaS solution.

Dectar

Dectar

Dectar (formerly 4Securitas) is a cybersecurity company that provides solutions that predict, detect, defend and react against cybersecurity threats.

Matrium Technologies

Matrium Technologies

Matrium Technologies has been a leading provider of technology solutions since 1991, with a strong industry background in Network Testing, Network Visibility and Security.

StickmanCyber

StickmanCyber

At StickmanCyber we are on a mission to create a digital world that is safe for everyone - we are your trusted cybersecurity partner.

Sentra

Sentra

Sentra is focused on improving data security practices within the cloud, mitigating the risks of damaging data leaks by providing comprehensive visibility into critical data assets.

Superus Careers - Cyber Career Exchange

Superus Careers - Cyber Career Exchange

The Cyber Career Exchange is a specialized recruiting platform focused specifically on cybersecurity.

Centric Consulting

Centric Consulting

Centric Consulting is an international management consulting firm with unmatched expertise in business transformation, AI strategy, cyber risk management, technology implementation and adoption. 

We Hack Purple

We Hack Purple

We Hack Purple is a Canadian company dedicated to helping anyone and everyone create secure software.

Walacor

Walacor

Walacor’s secure data platform represents the next generation of secure data and blockchain storage with a trust-first approach that revolutionizes enterprise data, and database management systems.

Twine Security

Twine Security

Twine is pioneering the creation of AI digital cybersecurity employees to help improve efficiency for cybersecurity teams.

Synergy Quantum

Synergy Quantum

Synergy Quantum has pioneered a proprietary suite of military-grade, quantum-secure communication technologies.