QBot phishing lures victims using US election interference emails
The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns.
"In addition to stealing and exfiltrating data from its victims, QBot will also start grabbing emails that will later be used as part of the next malspam campaigns," Malwarebytes' Jérôme Segura and Hossein Jazi explain.
Attackers also often use exploit kits to drop Qbot payloads, with the bot subsequently infecting other devices on the victims' network using network share exploits and highly aggressive brute-force attacks that target Active Directory admin accounts.
Qbot also saw a resurgence last year, being dropped as a first-stage or second-stage malware payload by the Emotet gang, as well as being used in a context-aware phishing campaign in March 2019 that relied on hijacked email threads.
During 2020, Qbot was used to harvest credentials from customers of dozens of U.S. financial institutions and to deliver ProLock ransomware following Qbot spear-phishing campaigns.