Intrusos enseñaron Troya Qbot a esconderse en las ramas de mensajería existente

Qbot diseminador banquero que se conoce desde 2009 puesto en marcha otra campaña de correo electrónico, aunque con algunas innovaciones.

mixperts of command for special operations from American JASK company established that intruders are now masking malware messages by using existing electronic correspondence.

Hipervínculo de descarga de virus troyano para Windows insertados en respuesta real en el correo que ya fue enviado por víctima potencial. According to JASK notification, email becomes inbuilt in existing branch of email correspondence. This allows lulling target’s vigilance and bypassing spam protection.

Greg Longo, JASK
Greg Longo, JASK

“This email was not blocked by an anti-spam gateway. It was a context-aware targeted response to an existing email thread,” wrote Greg Longo, senior threat analyst with JASK, in an email-based interview.

He also added that aim of such attacks is stealing confidential financial information, including back account credentials.

Infecting happens by the following algorithm. Fishing letter arrives with the link on Microsoft OneDrive file that delivers Microsoft Visual Basic Scripting Edition (VBScript) in compressed ZIP-archive. If this archive is open, attack starts the legitimate BITSAdmin Windows utility. Esta, A su momento, leads to activation of Wscript.exe that is another Windows utility that used for uploading Qbot «august.png» malware program from hackers’ server.

This trick applied now for delivery of long-living Trojan Qbot, también conocido como QakBot y Pinkslipbot. Trojan that specializes on stealing data for access to bank accounts helps cybercriminals for more than 10 años. In its popularity contributes ability to reproduce itself through removable shared media devices, and polymorphism – constant change of program code that allows bypassing antivirus protection.

Despite that Trojan virus Qbot is relatively well studied, specialists cannot block its spread since 2009. To avoid catching this virus, you should be careful while opening emails even from address that you trust.

Fuente: https://threatpost.com

Acerca de Trojan Killer

Trojan Killer llevar portátil en su dispositivo de memoria. Asegúrese de que usted es capaz de ayudar a su PC resistir cualquier amenaza cibernética donde quiera que vaya.

también puedes ver

MageCart en la plataforma de nube Heroku

Los investigadores encontraron Varios MageCart Web skimmers En Heroku Cloud Platform

Investigadores de Malwarebytes informaron sobre la búsqueda de varios skimmers MageCart web en la plataforma de nube Heroku …

Android Spyware CallerSpy

máscaras spyware CallerSpy como una aplicación de chat Android

expertos de Trend Micro descubrieron que el malware CallerSpy, que enmascara como una aplicación de chat y Android, …

Deja una respuesta