Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads (Security News, March 2022)
The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet's powers.
On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacking - an attack in which malware operators malspam replies to ongoing email threads.
"The botnet spreads through email thread hijacking and collects a wide range of profile information from newly infected machines, including all the configured user accounts and permissions, installed software, running services, and more," according to the writeup, after which the botnet downloads the malicious modules.
The Qakbot malware code uses unusual encryption to conceal the contents of its communications, but Sophos researchers managed to decrypt the malicious modules and to decode the botnet's command-and-control (C2) system in order to interpret how Qakbot receives its marching orders.
"Qakbot is a modular, multi-purpose botnet spread by email that has become increasingly popular with attackers as a malware delivery network, like Trickbot and Emotet," said Andrew Brandt, principal threat researcher at Sophos.
Sophos analyzed a campaign in which the Qakbot botnet inserted malicious messages into existing email threads: messages that included a short sentence and a link to download a zip file containing a malicious Excel spreadsheet.
News URL
https://threatpost.com/qakbot-botnet-sprouts-fangs-injects-malware-into-email-threads/178845/