Security News > 2020 > November > QBot phishing lures victims using US election interference emails
The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns.
"In addition to stealing and exfiltrating data from its victims, QBot will also start grabbing emails that will later be used as part of the next malspam campaigns," Malwarebytes' Jérôme Segura and Hossein Jazi explain.
Attackers are also often using exploit kits to drop Qbot payloads, with the bot subsequently infecting other devices on the victims' network using network share exploits and highly aggressive brute-force attacks that target Active Directory admin accounts.
Qbot has also seen a resurgence last year, being dropped as a first stage or as a second stage malware payload by the Emotet gang, as well as part of a context-aware phishing campaign in March 2019 using hijacked email threads.
During 2020, Qbot was used to harvest credentials from customers of dozens of U.S. financial institutions and to deliver ProLock ransomware following Qbot spear-phishing campaigns.
News URL
Related news
- US elections have never been more secure, says CISA chief (source)
- Pro-Iran groups lay groundwork for 'chaos and violence' as US election meddling attempts intensify (source)
- OpenAI kills Iranian accounts using ChatGPT to write US election disinfo (source)
- Spamouflage trolls pretend to be American patriots on X, TikTok ahead of US presidential election (source)
- US cracks down on Russian disinformation before 2024 election (source)
- Phishing in focus: Disinformation, election and identity fraud (source)
- New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails (source)
- AI and the 2024 US Elections (source)