Qbot Malware Can Read Your Email

Uploaded on 2022-02-16 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

A new phishing campaign analysed by threat intelligence provider Check Point reveals how the old malware trojan has been repurposed to phish people by capturing their email threads. This malware called Qbot continues to target Windows PCs and other devices with new effectiveness. Although the malware first emerged in 2007, it remains a threat to Windows users. 

Qbot, otherwise known as Qakbot or QuakBot, is an old software threat to Windows users that pre-dates the first iPhone and has been continually developed.  Known for collecting browsing data and stealing banking credentials and other financial information from victims. It is highly structured, multi-layered, and is being continuously developed with new features to extend its capabilities.

Now, it appears that Qbot has gained a module that reads through email threads to improve the message’s apparent legitimacy to victims. In October, cyber security research company DFIR was able to obtain a sample of the malware and conduct analysis on its current form, finding that the tool is still able to easily exploit key apps, including Microsoft Outlook. 

The malware’s operators rely on clickable phishing messages, and deploy social engineering tactics in the form of tax payment reminders, job offers, and Covid-19 alerts to lure victims into clicking malicious links.

More specifically, the analysts report that it takes half an hour for the adversaries to steal browser data and emails from Outlook and 50 minutes before they jump to an adjacent workstation. DFIR found that there are certain cases where initial access was unknown, however, was it is likely delivered through a Microsoft Excel document that was configured by the attackers to download malware from a web page. 

Windows users should be aware of the ongoing threat and exercise caution when clicking email links from unknown or unexpected addresses. The malware hides malicious processes and creates scheduled tasks to persist on a machine. Once running on an infected device, it uses multiple techniques for lateral movement.

Qbot’s authors leverage legitimate Microsoft tools to their advantage, effectively raiding an entire network within 30 minutes of the victim’s click and they have now branched out to ransomware.

  • Security firm Kaspersky has said that Qbot malware has infected 65% MORE PCS in the six months to July 2021 compared to last year.
  • Microsoft has highlighted the effectiveness of Qbot malware for its modular design that makes it difficult to detect. 
  • The FBI has warned that Qbot trojans are used to distribute ProLock, a "human-operated ransomware". 

Regardless of how a Qbot malware infection is delivered, it is essential to remember that almost all begin with an email and this is the main access point that organisations need to strengthen.

Current malware counter measures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads. Linux is the most common cloud operating system and is a core part of digital infrastructure and is quickly becoming an attackers' favoured rout ro access a multi-cloud  environment.  All of these cyber security issues need far more attention.

CheckPoint:    DFIR REport:    Microsoft:    HelpNet Security:    TechRepublic:   Oodlaoop:    FBI:     

ZDNet:    Bleeping Computer:    

You Might Also Read: 

Beware PowerPoint Files With Hidden Malware:

 

« Russian Cyber Attacks On Ukraine Increase
Cyber Security Regulations For Smart Devices »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Open Networking Foundation (ONF)

Open Networking Foundation (ONF)

The Open Networking Foundation (ONF) is a non-profit operator led consortium driving transformation of network infrastructure and carrier business models.

Genie Networks

Genie Networks

Genie Networks is a leading technology company providing networking and security solutions for optimizing the performance of large networks.

TokenOne

TokenOne

TokenOne is a Cyber Security software company that makes it easy to replace passwords, tokens and other forms of authentication with a more secure solution.

Seltek Technology Solutions

Seltek Technology Solutions

Seltek provides Digital Forensics, eDiscovery, Cybersecurity Assessments and IT Support services.

Fedco International

Fedco International

Fedco International is an IT and SCADA ICS Security consultancy firm.

Intrinium

Intrinium

Intrinium is an Information Technology and Security Solutions company, providing comprehensive consulting and managed services to businesses of all sizes.

Meterian

Meterian

The Meterian Platform is a fuss-free solution to protect you against vulnerabilities in your app’s software supply chain.

Comparitech

Comparitech

Comparitech strives to promote cyber security and privacy for all. We are committed to providing detailed information to help our readers become more cyber secure and cyber aware.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

FPG Technologies & Solutions

FPG Technologies & Solutions

FPG Technology is a technology solutions provider and systems integrator, specializing in delivering IT Consulting, IT Security, Cloud, Mobility, Infrastructure solutions and services.

Advent One

Advent One

Advent One are recognised for solving intricate dilemmas, not only making technology work but building foundations that customers can grow upon in an effective and secure way.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.

Delta Partners

Delta Partners

Delta Partners is a venture capital firm investing in Ireland and the United Kingdom with a strong focus on early stage technology companies.

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.

Vambrace Cybersecurity

Vambrace Cybersecurity

Vambrace is an experienced cybersecurity consultancy and operations outsourcer helping you to secure your business in an increasingly-hostile cyber environment.

ArmourZero

ArmourZero

ArmourZero help organisations redefine their cybersecurity strategy - increase visibility, minimise complexity, manage risk, and enhance protection, all under a unified security operations platform.