Connect with us

Hi, what are you looking for?

News

Qbot Malware Spike Hits Corporate Emails with Malicious PDF

Malware
Malware

Earlier this month, Kaspersky discovered a Qbot malware spike targeting corporate users, spread via a malicious spam-email campaign. Attackers use advanced social engineering techniques: they intercept existing work correspondence and forward malicious PDF attachments to the same email threads.

The last method is considered unusual for this malware. Since April 4, more than 5,000 emails containing PDF attachments have been received in various countries, with the campaign continuing. Kaspersky researchers conducted a technical analysis of the scheme.

Qbot is a notorious banking Trojan that functions as part of a botnet network. It is capable of stealing data such as passwords and work correspondence. Also, it allows threat actors to control an infected system and install ransomware, or other Trojans on other devices in the network.

The operators of the malware use various distribution schemes, including sending emails with malicious PDF attachments – not commonly observed within this campaign before.

Since early April, Kaspersky observed a spike in activity from a spam email campaign using this particular scheme with PDF attachments. The wave began on the evening of April 4, and since then the experts have discovered more than 5,000 spam emails with PDF files spreading this malware in English, German, Italian, and French.

The banker is distributed through the real work correspondence of a potential victim, stolen by cybercriminals. They forward an email to all participants of the existing thread and usually ask them to open the malicious PDF attachment under various plausible circumstances. For example, attackers could ask to share all the documentation related to the attachment or calculate the amount of the contract according to the costs estimated in the attachment.

“We recommend companies stay vigilant because Qbot malware is very harmful, even though its core functionality hasn’t changed over the last two years. The operators are constantly enhancing their techniques, adding new convincing elements of social engineering.

“This increases the likelihood that an employee will fall victim to the ploy. To remain safe, carefully check various red flags, such as sender’s email address spelling, weird attachments, grammatical errors, and so on. In addition, specialised cybersecurity solutions can help ensure the security of corporate emails,” said Darya Ivanova, Malware Analyst at Kaspersky.

The content of the PDF file is an image mimicking a notification from Microsoft Office 365 or Microsoft Azure. If a user clicks ‘Open’, the malicious archive downloads to their computer from a remote server (compromised website).

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

ad

You May Also Like

News

Russia’s Ministry of Health has unveiled a revolutionary development in cancer treatment—a personalized mRNA-based cancer vaccine that will be distributed free of charge beginning...

News

Democratic Republic of Congo’s (DRC) health ministry has identified the previously mysterious illness in the Panzi health zone as a severe form of malaria...

News

Nigerian Communications Commission (NCC) has hosted a virtual stakeholders’ forum to discuss the draft Application-to-Person (A2P) licensing framework. The event, held on December 20,...

Tech

Sytemap, a trusted leader in land acquisition and technology solutions, is thrilled to announce a groundbreaking initiative designed to empower women through affordable and...