Microsoft: These are the building blocks of QBot malware attacks
2021-12-11 16:12

Over the past few years, Qbot has grown into widely spread Windows malware that allows threat actors to steal bank credentials and Windows domain credentials, spread to other computers, and provide remote access to ransomware gangs.

Victims usually become infected with Qbot through another malware infection or via phishing campaigns using various lures, including fake invoices, payment and banking information, and scanned documents.

In a new report, Microsoft breaks down the QBot attack chain into distinct "building blocks," which can differ depending on the operator using the malware and the type of attack they are conducting.

Macro enablement - Every Qbot campaign delivered via email utilizes malicious macros to deliver the Qbot payload.

Qakbot delivery - Qbot is typically downloaded as an executable with an htm or.

QBot distribution started spiking again in November 2021 and has been helped further by the emergence of the 'Squirrelwaffle' attacks.

As QBot infections can lead to various dangerous and disruptive attacks, all admins need to become intimately familiar with the malware and the tactics it uses to spread throughout a network.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-these-are-the-building-blocks-of-qbot-malware-attacks/