Qbot has shifted from a banking trojan into a full-blown botnet

April 21, 2023
Qbot Botnet Malware Banking Trojan Malicious Emails Attachments Cybersecurity Qakbot

The notorious Qbot (Qakbot) threat group has transitioned from a banking trojan into a versatile botnet capable of carrying out a range of cybercriminal activities. Researchers recently discovered a new malicious operation that spreads the Qbot botnet through malware-laden PDF files attached to replies and forwards of existing emails.

According to reports, the attackers hijacked ordinary-looking email threads and sent a reply to the targeted user. The reply carries a malicious archive that can infect its recipients.

The actors also harvested recipient addresses from the original email's To and CC lists. The operation could reach thousands of individuals, since the dates of the hijacked emails span from 2018 to 2022, which also shows that the reused emails are not recent.

The content of the replies is unrelated to the original email, but it includes a message that prompts the user to open the attachment.

The Qbot campaign also leverages MS Azure to deceive its victims further.

According to investigators, the PDF files display the Microsoft Azure logo when opened, together with a deceptive message that urges the user to press the ‘Open’ button.

Clicking the button redirects the user to a malicious URL, which then downloads a password-protected ZIP archive.

Further investigation revealed that the campaign's developers hid obfuscated script code among dummy text to evade security detection.
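A defender-side triage sketch for the indicators this article describes (a reply to a years-old thread, a PDF whose link action opens an external URL, and a password-protected ZIP), written as an added example that is not from the article or from any vendor tool; the message fields, the sample PDF bytes and the sample ZIP header are all constructed for illustration.

```python
import re
import struct
from datetime import datetime

# Constructed sample: raw bytes of a minimal PDF carrying a link annotation
# whose action (/A << /S /URI ... >>) opens an external URL, the "Open" button pattern.
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj << /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://example.invalid/open) >> >> endobj\n%%EOF\n"
)

# Constructed sample: a ZIP local file header (signature PK\x03\x04, version 20)
# with general-purpose flag bit 0 set, which marks the entry as encrypted.
SAMPLE_ZIP = b"PK\x03\x04" + struct.pack("<HH", 20, 1) + b"\x00" * 22

# Constructed sample: a parsed message; "quoted_original_date" is the Date of the
# hijacked thread that the reply quotes (hypothetical field name).
SAMPLE_MESSAGE = {
    "subject": "RE: invoice",
    "sent": datetime(2023, 4, 20),
    "quoted_original_date": datetime(2019, 6, 3),
    "attachments": {"Document.pdf": SAMPLE_PDF, "archive.zip": SAMPLE_ZIP},
}

URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")

def pdf_external_urls(pdf: bytes) -> list:
    """Return the URLs of /URI actions found in the raw PDF bytes."""
    return [m.decode("latin-1") for m in URI_RE.findall(pdf)]

def zip_is_encrypted(data: bytes) -> bool:
    """True if the first local file header has the encryption flag (bit 0) set."""
    if len(data) < 8 or data[:4] != b"PK\x03\x04":
        return False
    _version, flags = struct.unpack_from("<HH", data, 4)
    return bool(flags & 0x1)

def stale_thread(sent: datetime, quoted_original: datetime, years: int = 1) -> bool:
    """True when a reply quotes an original message far older than the reply itself."""
    return (sent - quoted_original).days > 365 * years

def triage(msg: dict) -> list:
    """Collect the campaign indicators present in one parsed message."""
    findings = []
    is_reply = msg["subject"].lower().startswith(("re:", "fw:", "fwd:"))
    if is_reply and stale_thread(msg["sent"], msg["quoted_original_date"]):
        findings.append("reply to a thread from years earlier")
    for name, content in msg["attachments"].items():
        if name.lower().endswith(".pdf"):
            for url in pdf_external_urls(content):
                findings.append(f"pdf {name} links to {url}")
        if zip_is_encrypted(content):
            findings.append(f"{name} is a password-protected zip")
    return findings
```

Each finding alone is common in benign mail; the combination on one message is what warrants quarantining it for analyst review.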

According to a cybersecurity report, Qakbot, aka Qbot, became one of the most widespread malware families used in phishing attacks last year.

A few months ago, the malware operators experimented with OneNote as a new distribution vehicle. Researchers called that campaign QakNote, since the Qbot operators delivered their attacks through MS OneNote attachments containing HTML files.

Qbot has also become one of the most destructive campaigns this year, and its operators keep shifting from one operation to another to maximise profit. Cybersecurity experts advise organisations to train employees not to open emails from unknown sources or unsolicited communications, to mitigate such threats.
