Thursday, November 5, 09:40

Qbot botnet: Sends phishing emails about US elections!

The Qbot botnet is sending US election-themed phishing emails to infect victims with malicious payloads designed to steal user data as well as emails. The stolen data will be used in future malicious campaigns.


Qbot, also known as Qakbot, Pinkslipbot and Quakbot, is a banking trojan with worm features that has been actively used in the threat landscape since at least 2009. Cybercriminals use it to steal financial data and banking credentials, to deploy backdoors, and to infect the victim's device with malware.

The malspam emails recently identified by the Malwarebytes Labs Threat Intelligence team are presented as replies to previously stolen email threads. This tactic is used to add legitimacy and lure unsuspecting victims.


The phishing emails contain malicious Excel files presented as a secure DocuSign file that allegedly contains information about US election interference.
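As an added illustration (not code from the article or from Malwarebytes), the sketch below checks a raw message for the three lure traits described above: a reply to an existing thread, an Excel attachment, and DocuSign wording. The function names, trait labels and the sample message are assumptions constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage

EXCEL_EXT = (".xls", ".xlsm", ".xlsb", ".xlsx")
EXCEL_MIME = ("ms-excel", "spreadsheetml")  # substrings of Excel MIME types

def lure_traits(raw: bytes) -> set[str]:
    """Return which of the lure traits described above one raw message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    traits = set()
    subject = str(msg["Subject"] or "").strip().lower()
    # Thread hijacking: the message claims to continue an existing conversation.
    if msg["In-Reply-To"] or msg["References"] or subject.startswith("re:"):
        traits.add("reply")
    # Excel attachment, matched by file name or by declared content type.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if name.endswith(EXCEL_EXT) or any(m in ctype for m in EXCEL_MIME):
            traits.add("excel")
    # DocuSign branding in the visible body text.
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and "docusign" in body.get_content().lower():
        traits.add("docusign")
    return traits

def needs_review(raw: bytes) -> bool:
    """Hold for analyst review only when all three traits co-occur."""
    return lure_traits(raw) == {"reply", "excel", "docusign"}

def sample(reply: bool, attach: bool) -> bytes:
    """Build a constructed test message; every value here is made up."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.org"
    m["Subject"] = "Re: Q3 invoice" if reply else "Q3 invoice"
    if reply:
        m["In-Reply-To"] = "<1234@example.org>"
    m.set_content("Please review the attached document secured by DocuSign.")
    if attach:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="vnd.ms-excel", filename="constructed_sample.xls")
    return m.as_bytes()

if __name__ == "__main__":
    print(needs_review(sample(True, True)), lure_traits(sample(False, False)))
```

Requiring all three traits together keeps ordinary replies and genuine DocuSign notifications out of the review queue; any single trait on its own is common in legitimate mail.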

After the Qbot malware runs and infects the victim's computer, it contacts the command-and-control server for further instructions. As reported by Jérôme Segura and Hossein Jazi of Malwarebytes, in addition to stealing and exfiltrating data from its victims, Qbot also steals emails that will be used in future malspam campaigns.


As BleepingComputer points out, in addition to phishing campaigns, hackers often use an exploit kit to infect a system with Qbot payloads, with the bot then infecting other devices on the victim's network using network sharing utilities and brute-force attacks targeting Active Directory administrator accounts.

The Qbot banking trojan has been used mostly in attacks against corporate entities. It is noteworthy that Qbot campaigns are rare. In particular, the researchers identified one in October 2014, one in April 2016 and one in May 2017. Qbot activity was strongly observed in 2019, when it was delivered as first-stage or second-stage malware by the Emotet gang, as well as part of a 2019 phishing campaign that used the environment as its lure theme.

In addition, Qbot was used in 2020 to harvest credentials from customers of dozens of US financial institutions and to distribute ProLock ransomware following spear-phishing campaigns by the botnet.


Pohackontas