Fresh Waves of QBot Attacks Target Over 800 Corporate Users

QBot, also known as Qakbot or Pinkslipbot, continues to evolve as a potential threat. After a brief lull, QBot malware distribution has been observed targeting organizations and corporate entities worldwide.

The new findings

Highly active since September 28, 2022, the latest campaign has affected over 1,500 users, including more than 800 corporate users.
  • The most targeted country is the U.S., with 220 targeted users including 95 corporate users. 
  • This is followed by Italy with 151 users, Germany with 93 users, and India with 74 users (as of 4 October 2022).
  • Kaspersky has so far discovered more than 400 infected websites spreading Qbot malware.

QBot’s attack tactics

  • QBot malware relies on email threads hijacked from infected devices: the stolen emails are reused in subsequent mailings, and the information they contain is used to lure victims into opening those messages.
  • Since 2020, this use of hijacked email threads has been one of the main infection methods employed by QBot’s operators.

Recent news about QBot

  • A few days ago, Black Basta Group was observed distributing Brute Ratel malware as a second-stage payload via QBot infection.
  • A few months ago, the TA570 threat actor was seen exploiting the Windows vulnerability identified as Follina (CVE-2022-30190) to distribute QBot malware.

Conclusion

The Kaspersky report includes only data collected by the company's own security products, so experts suspect that the total number of new QBot infections could be much higher. With such an attack pattern, QBot operators are likely to launch more destructive attacks and target a higher number of victims in the near future.
Cyware Publisher