Qbot Malware Can Read Your Email

Uploaded on 2022-02-16 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

A new phishing campaign analysed by threat intelligence provider Check Point reveals how the old malware trojan has been repurposed to phish people by capturing their email threads. This malware called Qbot continues to target Windows PCs and other devices with new effectiveness. Although the malware first emerged in 2007, it remains a threat to Windows users. 

Qbot, otherwise known as Qakbot or QuakBot, is an old software threat to Windows users that pre-dates the first iPhone and has been continually developed.  Known for collecting browsing data and stealing banking credentials and other financial information from victims. It is highly structured, multi-layered, and is being continuously developed with new features to extend its capabilities.

Now, it appears that Qbot has gained a module that reads through email threads to improve the message’s apparent legitimacy to victims. In October, cyber security research company DFIR was able to obtain a sample of the malware and conduct analysis on its current form, finding that the tool is still able to easily exploit key apps, including Microsoft Outlook. 

The malware’s operators rely on clickable phishing messages, and deploy social engineering tactics in the form of tax payment reminders, job offers, and Covid-19 alerts to lure victims into clicking malicious links.

More specifically, the analysts report that it takes half an hour for the adversaries to steal browser data and emails from Outlook and 50 minutes before they jump to an adjacent workstation. DFIR found that there are certain cases where initial access was unknown, however, was it is likely delivered through a Microsoft Excel document that was configured by the attackers to download malware from a web page. 

Windows users should be aware of the ongoing threat and exercise caution when clicking email links from unknown or unexpected addresses. The malware hides malicious processes and creates scheduled tasks to persist on a machine. Once running on an infected device, it uses multiple techniques for lateral movement.

Qbot’s authors leverage legitimate Microsoft tools to their advantage, effectively raiding an entire network within 30 minutes of the victim’s click and they have now branched out to ransomware.

  • Security firm Kaspersky has said that Qbot malware has infected 65% MORE PCS in the six months to July 2021 compared to last year.
  • Microsoft has highlighted the effectiveness of Qbot malware for its modular design that makes it difficult to detect. 
  • The FBI has warned that Qbot trojans are used to distribute ProLock, a "human-operated ransomware". 

Regardless of how a Qbot malware infection is delivered, it is essential to remember that almost all begin with an email and this is the main access point that organisations need to strengthen.

Current malware counter measures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads. Linux is the most common cloud operating system and is a core part of digital infrastructure and is quickly becoming an attackers' favoured rout ro access a multi-cloud  environment.  All of these cyber security issues need far more attention.

CheckPoint:    DFIR REport:    Microsoft:    HelpNet Security:    TechRepublic:   Oodlaoop:    FBI:     

ZDNet:    Bleeping Computer:    

You Might Also Read: 

Beware PowerPoint Files With Hidden Malware:

 

« Russian Cyber Attacks On Ukraine Increase
Cyber Security Regulations For Smart Devices »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Stratogent

Stratogent

Stratogent does IT and Cybersecurity operations. We specialize in high-touch and high-change IT environments, especially in the biotech and pharma industry verticals.

Lumeta

Lumeta

Lumeta’s cyber situational awareness platform is the unmatched source for enterprise network infrastructure analytics and security monitoring for breach detection.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

Truepic

Truepic

Truepic provides technologies that prevent fraud, identity theft, misinformation, and disinformation caused by generative, manipulated, or deepfake digital content.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

BrainChip

BrainChip

BrainChip is the leading provider of neuromorphic computing solutions, a type of artificial intelligence that is inspired by the biology of the human neuron - spiking neural networks.

Absolute IT Asset Disposals

Absolute IT Asset Disposals

Absolute IT Asset Disposals is an IT asset disposal (ITAD) company providing safe and secure recycling of IT assets.

BlackDice Cyber

BlackDice Cyber

Threat Intelligence is only part of the solution. Our solution matches threats to vulnerabilities and automatically takes remedial action against compromised apps, devices and websites.

ControlMap

ControlMap

ControlMap is a software as a service platform with a mission to simplify and eliminate stress from everyday operations of modern IT compliance teams.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

GitProtect.io

GitProtect.io

​GitProtect is a fully manageable, professional GitHub and Bitbucket backup and recovery software that protects repositories and metadata from any event of failure.

r00tz Asylum

r00tz Asylum

r00tz Asylum is a nonprofit dedicated to teaching kids around the world how to love being white-hat hackers.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center is a state-of-the-art facility to deliver advanced cyber training programs and build the next generation of Azerbaijan’s cybersecurity professionals.

CyberEPQ

CyberEPQ

CyberEPQ (Cyber Extended Project Qualification) is the UK’s first and only Extended Project Qualification in Cyber Security.

SentryMark

SentryMark

Stay a Step Ahead of Emerging Threats. Deviate from the traditional siloed defenses and get the proactive and responsive cybersecurity solutions and services you deserve with SentryMark today.