The Rising Cases of Qbot Spam Campaigns

Recently, researchers discovered that the Qbot spam campaign continue to rise and is a cause of concern. Read on to know more about it…

For nearly a decade, QakBot, also known as QBot, has existed. The trojan was first discovered in the wild in 2007, and it has since been continuously maintained and evolved to the point that it is now one of the leading trojans around the globe.

According to Kaspersky researchers, the number of users affected by the QBot increased by 65 percent in the first seven months of 2021 compared to the previous year. Most of the trojan’s campaigns, which affected over 12000 users, were primarily observed in Q1 2021. Nonetheless, the QakBot operators’ attacking trend, which includes the aggressive use of phishing emails, appears to continue.

Deployment of the SquirrelWaffle

Researchers from Minerva Labs discovered a new phishing campaign on November 8 that executed a malicious Excel file. The Excel file instructs users to enable the macro while attempting to download three distinct files in the background using regsvr32.exe.

This macro creates a network connection in order to deploy the SquirrelWaffle dropper, which causes the QBot to be downloaded in the final stage.

Increased Use of Phishing During Pandemic

Malwarebytes Threat Intelligence researchers shared details about QBot’s other phishing campaign, pointing out that the attackers are using various email subjects to lure as many users as possible. One of these subject of the email is about information pertaining to Coronavirus.

‘Test Message’ and ‘PSE crane quotes for Hereford and Plainview projects.’ are the other two subjects.

These emails contain a zip file that, once opened, downloads the QBot trojan.

QBot’s Evolution is a Source of Concern

The QakBot has been enhanced with additional malicious modules in addition to its data-stealing abilities.

Cookie Grabber, Hidden VNC, Email Collector, Hooking, Proxy, and Passgrabber modules have been discovered in the malware, according to Kaspersky researchers.

Threat actors can use these modules to collect cookies, connect to the infecting machine without the user’s knowledge, exfiltrate emails to remote servers, and steal login passwords.

Conclusion

QakBot has been around for over a decade and shows no signs of slowing down. The addition of new capabilities and modules implies that threat actors intend to steal more information and increase their revenue. The adoption of various anti-evasion techniques by trojan operators, on the other hand, is a major challenge that must be taken into account. As a result, organizations must enhance endpoint security to detect such attacks before they can cause any further damage.

Related posts

New Relic Expands Presence in India with New Bengaluru Office Space to Drive Innovation and Support Growing Global Customer Demand

AWS Appoints edForce as an Authorised Training Partner to Strengthen Cloud Skill Development in India

Nxtra by Airtel Becomes First Data Centre in India to Deploy AI for Enhanced Operational Excellence

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More