Recently, researchers discovered that the Qbot spam campaign continue to rise and is a cause of concern. Read on to know more about it…
For nearly a decade, QakBot, also known as QBot, has existed. The trojan was first discovered in the wild in 2007, and it has since been continuously maintained and evolved to the point that it is now one of the leading trojans around the globe.
According to Kaspersky researchers, the number of users affected by the QBot increased by 65 percent in the first seven months of 2021 compared to the previous year. Most of the trojan’s campaigns, which affected over 12000 users, were primarily observed in Q1 2021. Nonetheless, the QakBot operators’ attacking trend, which includes the aggressive use of phishing emails, appears to continue.
Deployment of the SquirrelWaffle
Researchers from Minerva Labs discovered a new phishing campaign on November 8 that executed a malicious Excel file. The Excel file instructs users to enable the macro while attempting to download three distinct files in the background using regsvr32.exe.
This macro creates a network connection in order to deploy the SquirrelWaffle dropper, which causes the QBot to be downloaded in the final stage.
Increased Use of Phishing During Pandemic
Malwarebytes Threat Intelligence researchers shared details about QBot’s other phishing campaign, pointing out that the attackers are using various email subjects to lure as many users as possible. One of these subject of the email is about information pertaining to Coronavirus.
‘Test Message’ and ‘PSE crane quotes for Hereford and Plainview projects.’ are the other two subjects.
These emails contain a zip file that, once opened, downloads the QBot trojan.
QBot’s Evolution is a Source of Concern
The QakBot has been enhanced with additional malicious modules in addition to its data-stealing abilities.
Cookie Grabber, Hidden VNC, Email Collector, Hooking, Proxy, and Passgrabber modules have been discovered in the malware, according to Kaspersky researchers.
Threat actors can use these modules to collect cookies, connect to the infecting machine without the user’s knowledge, exfiltrate emails to remote servers, and steal login passwords.
Conclusion
QakBot has been around for over a decade and shows no signs of slowing down. The addition of new capabilities and modules implies that threat actors intend to steal more information and increase their revenue. The adoption of various anti-evasion techniques by trojan operators, on the other hand, is a major challenge that must be taken into account. As a result, organizations must enhance endpoint security to detect such attacks before they can cause any further damage.