A phishing campaign dropping the Qbot banking Trojan with the help of delivery emails camouflaging as parts of previous conversations was spotted during late March 2019 by the JASK Special Operations team.
As detailed by the JASK SpecOps security researchers, “The delivery mechanism for this Qbot infection was a phishing campaign where the targeted user received an email containing a link to an online document. Interestingly enough, the delivery email was actually a reply to a pre-existing email thread.”
Qbot (also known as QakBot and Pinkslipbot) is used by malicious actors since at least 2009 to steal financial data and banking credentials from their targets, to drop additional malware, to log user keystrokes, and create a backdoor to compromised machines. The second report below provides a case study of this malware and most recent campaign.
With thanks to the Cyber Defence Alliance and Jask. More details can be found at the Jask website here: https://jask.com/back-again-uncovering-the-latest-qbot-banking-trojan/
Full report here: https://jask.com/wp-content/uploads/2019/04/Uncovering-Qbot-v6.pdf
Find out how affordable cyber security awareness training is for your organisation. Get a quote now.