Security News > 2020 > August > Qbot trojan hijacking email threads to carry out phishing campaigns
The latest variant of this trojan extracts email threads from Outlook, which it uses for phishing attacks, says Check Point Research.
A new phishing campaign analyzed by threat intelligence provider Check Point reveals how the old Qbot trojan has been repurposed to phish people by capturing their email threads.
After a computer is infected, Qbot turns on a special "Email collector module," which extracts email threads from the Microsoft Outlook client and uploads them to a remote server.
Attackers use these stolen threads for phishing campaigns by making their own scam emails appear to be part of the conversation.
"The threat actors behind Qbot are investing heavily in its development to enable data theft on a massive scale from organizations and individuals. We have seen active malspam campaigns distributing Qbot directly, as well as the use of third-party infection infrastructures like Emotet's to spread the threat even further."
News URL
Related news
- PoisonSeed phishing campaign behind emails with wallet seed phrases (source)
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)
- Phishing emails delivering infostealers surge 84% (source)
- CoGUI phishing platform sent 580 million emails to steal credentials (source)
- Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails (source)