Security News > 2020 > August > Qbot trojan hijacking email threads to carry out phishing campaigns
The latest variant of this trojan extracts email threads from Outlook, which it uses for phishing attacks, says Check Point Research.
A new phishing campaign analyzed by threat intelligence provider Check Point reveals how the old Qbot trojan has been repurposed to phish people by capturing their email threads.
After a computer is infected, Qbot turns on a special "Email collector module," which extracts email threads from the Microsoft Outlook client and uploads them to a remote server.
Attackers use these stolen threads for phishing campaigns by making their own scam emails appear to be part of the conversation.
"The threat actors behind Qbot are investing heavily in its development to enable data theft on a massive scale from organizations and individuals. We have seen active malspam campaigns distributing Qbot directly, as well as the use of third-party infection infrastructures like Emotet's to spread the threat even further."
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Beware: PayPal "New Address" feature abused to send phishing emails (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Coinbase phishing email tricks users with fake wallet migration (source)
- Why it's time for phishing prevention to move beyond email (source)
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records (source)