Security News > 2020 > August > Qbot trojan hijacking email threads to carry out phishing campaigns
The latest variant of this trojan extracts email threads from Outlook, which it uses for phishing attacks, says Check Point Research.
A new phishing campaign analyzed by threat intelligence provider Check Point reveals how the old Qbot trojan has been repurposed to phish people by capturing their email threads.
After a computer is infected, Qbot turns on a special "Email collector module," which extracts email threads from the Microsoft Outlook client and uploads them to a remote server.
Attackers use these stolen threads for phishing campaigns by making their own scam emails appear to be part of the conversation.
"The threat actors behind Qbot are investing heavily in its development to enable data theft on a massive scale from organizations and individuals. We have seen active malspam campaigns distributing Qbot directly, as well as the use of third-party infection infrastructures like Emotet's to spread the threat even further."
News URL
Related news
- Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans (source)
- Beware of phishing emails delivering backdoored Linux VMs! (source)
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Phishing emails increasingly use SVG attachments to evade detection (source)