News

Intruders taught Trojan Qbot to hide in branches of existing messaging

Qbot banker disseminator that is known since 2009 launched another email-campaign, though with some innovations.

Experts of command for special operations from American JASK company established that intruders are now masking malware messages by using existing electronic correspondence.

Hyperlink on download for Trojan virus for Windows inserted in real answer on mail that was already sent by potential victim. According to JASK notification, email becomes inbuilt in existing branch of email correspondence. This allows lulling target’s vigilance and bypassing spam protection.

Greg Longo, JASK

“This email was not blocked by an anti-spam gateway. It was a context-aware targeted response to an existing email thread,” wrote Greg Longo, senior threat analyst with JASK, in an email-based interview.

He also added that aim of such attacks is stealing confidential financial information, including back account credentials.

Infecting happens by the following algorithm. Fishing letter arrives with the link on Microsoft OneDrive file that delivers Microsoft Visual Basic Scripting Edition (VBScript) in compressed ZIP-archive. If this archive is open, attack starts the legitimate BITSAdmin Windows utility. This, in its turn, leads to activation of Wscript.exe that is another Windows utility that used for uploading Qbot «august.png» malware program from hackers’ server.

This trick applied now for delivery of long-living Trojan Qbot, also known as QakBot and Pinkslipbot. Trojan that specializes on stealing data for access to bank accounts helps cybercriminals for more than 10 years. In its popularity contributes ability to reproduce itself through removable shared media devices, and polymorphism – constant change of program code that allows bypassing antivirus protection.

Despite that Trojan virus Qbot is relatively well studied, specialists cannot block its spread since 2009. To avoid catching this virus, you should be careful while opening emails even from address that you trust.

Source: https://threatpost.com

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove News-xbuhoxu.store Pop-up Ads

About News-xbuhoxu.store News-xbuhoxu.store pop-ups can not open out of nowhere. If you have actually clicked…

12 hours ago

Remove News-xbadeyo.today Pop-up Ads

About News-xbadeyo.today News-xbadeyo.today pop-ups can not introduce out of nowhere. If you have clicked on…

12 hours ago

Remove News-bbutohu.info Pop-up Ads

About News-bbutohu.info News-bbutohu.info pop-ups can not open out of nowhere. If you have actually clicked…

12 hours ago

Remove News-bbucoxe.today Pop-up Ads

About News-bbucoxe.today News-bbucoxe.today pop-ups can not launch out of the blue. If you have clicked…

12 hours ago

Remove News-xdetake.cc Pop-up Ads

About News-xdetake.cc News-xdetake.cc pop-ups can not expose out of nowhere. If you have clicked on…

15 hours ago

Remove News-bbufiya.today Pop-up Ads

About News-bbufiya.today News-bbufiya.today pop-ups can not expose out of nowhere. If you have clicked some…

15 hours ago