Kaspersky has discovered a new wave of malicious email activity which spreads the dangerous malware Qbot, targeting corporate users and stealing sensitive data from networks.
After initially dying down earlier this year the second wave of attacks has taken place and now over 1,500 users have been affected since 28th September – with the number still rising.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
After a lull, a malicious campaign targeting organisations with the dangerous Qbot malware, is returning. We have detected a new wave of activity with more than 1,500 users affected. The most targeted countries include United States, Italy, Germany and India.
Qbot is a notorious banking Trojan, capable of stealing users’ data and emails from infected corporate networks, spreading further in the network, and installing ransomware or other Trojans on other devices in the network. Cybercriminals allegedly intercept active email conversations on business matters and send the recipients a message containing a link with an archived file with a password to download to infect their devices with a banking trojan. To convince users to open or download the file, the attackers usually state that it contains some important information, such as a commercial offer. Such a scheme makes these messages harder to detect and increases the chances that the recipient will fall for the trick. We have detected more than 400 infected sites spreading Qbot so far.
Imitating work correspondence is a common trick employed by cybercriminals, however this campaign is more complicated as the attackers intercept an existing conversation and essentially insert themselves into it. This method makes such messages much harder to detect, and increases the chances of the recipient opening the files. Therefore, employees should be especially careful now when communicating in business correspondence so as not to accidentally open a malicious file with Qbot.