Revamped Qbot Trojan Packs New Punch: Hijacks Email Threads

2020-08-27 11:14

One new Qbot feature hijacks a victim's Outlook-based email thread and uses it to infect other PCs. The 12-year-old malware resurface in January 2020, according to F5 researchers, who issued a report in June detailing new Qbot evasive features to avoid detection.

Most of the victims of the new Qbot campaigns have been in the United States, where 29 percent of Qbot attacks have been detected, followed by India, Israel and Italy, according to Check Point.

If the file is executed, Qbot then activates a special "Email collector module" to extract all email threads from the victim's Outlook client, which it then uploads to a hardcoded remote server.

The trojan picks off threads with timely and relevant subject material to try to fool victims; in the recent campaigns, Check Point researchers observed Qbot stealing emails related to Covid-19, tax-payment reminders and job recruitments.

In addition to the usual email security protections, Check Point is advising people to be especially vigilante with any email that appears to be suspicious or remotely phish-y-even if the sender is someone they know-to avoid falling victim to the revamped Qbot, Balmas said.

News URL

https://threatpost.com/revamped-qbot-trojan-packs-new-punch-hijacks-email-threads/158715/

#email #hijacks #trojan