Tag

Qbot

All articles tagged with #qbot

QBot Trojan Spreading Through Business Emails with New Tactics

Originally Published 2 years ago — by The Hacker News

A new QBot malware campaign is using hijacked business emails to spread malware, primarily targeting users in Germany, Argentina, Italy, Algeria, Spain, the U.S., Russia, France, the U.K., and Morocco. QBot is a banking trojan that steals passwords and cookies from web browsers and doubles up as a backdoor to inject next-stage payloads such as Cobalt Strike or ransomware. The malware is distributed via phishing campaigns and has seen constant updates during its lifetime to evade detection. The latest campaign uses email thread hijacking attacks to trick victims into opening a malicious PDF file that leads to the retrieval of an archive file containing an obfuscated Windows Script File that downloads the QBot malware.

technology financial-security-malware banking-trojan cybersecurity email-hijacking financial-security-malware malware qbot

QBot Trojan Spreading Through Business Emails with PDF and WSF Combo

Originally Published 2 years ago — by BleepingComputer

QBot malware is now being distributed through phishing emails that use PDF attachments to download Windows Script Files (WSF) and infect Windows devices. The heavily obfuscated WSF file executes a PowerShell script that attempts to download a DLL from a list of URLs. Once executed, the QBot malware injects itself into the legitimate Windows wermgr.exe program, where it runs quietly in the background. QBot provides initial access to corporate networks for other threat actors, leading to devastating attacks on corporate networks, including ransomware attacks.

technology cybersecurity cybersecurity malware phishing qbot ransomware windows-script-files