New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal.

The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spain, the U.S., Russia, France, the U.K., and Morocco.

QBot (aka Qakbot or Pinkslipbot) is a banking trojan that’s known to be active since at least 2007. Besides stealing passwords and cookies from web browsers, it doubles up as a backdoor to inject next-stage payloads such as Cobalt Strike or ransomware.

Distributed via phishing campaigns, the malware has seen constant updates during its lifetime that pack in anti-VM, anti-debugging, and anti-sandbox techniques to evade detection. It has also emerged as the most prevalent malware for the month of March 2023, per Check Point.

“Early on, it was distributed through infected websites and pirated software,” Kaspersky researchers said, explaining QBot’s distribution methods. “Now the banker is delivered to potential victims through malware already residing on their computers, social engineering, and spam mailings.”

Email thread hijacking attacks are not new. It occurs when cybercriminals insert themselves into existing business conversations or initiate new conversations based on information previously gleaned by compromised email accounts.

The goal is to entice victims into opening malicious links or malicious attachments, in this case, an enclosed PDF file that masquerades as a Microsoft Office 365 or Microsoft Azure alert.

Opening the document leads to the retrieval of an archive file from an infected website that, in turn, contains an obfuscated Windows Script File (.WSF). The script, for its part, incorporates a PowerShell script that downloads malicious DLL from a remote server. The downloaded DLL is the QBot malware.

The findings come as Elastic Security Labs unearthed a multi-stage social engineering campaign that employs weaponized Microsoft Word documents to distribute Agent Tesla and XWorm by means of a custom .NET-based loader.

Kommentar verfassen Kommentieren abbrechen

London, GB

8:51 am, Mai 19, 2025

12°C

L: 11° | H: 13°

Fühlt sich an wie 11°C° overcast clouds

Luftfeuchtigkeit: 77 %

Druck: 1021 mb

Wind: 8 mph NNE

Windböe: 10 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 100%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 5:02 am

Sonnenuntergang: 8:51 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 10:00 pm

11° | 13°°C 0 mm 0% 11 mph 77 % 1021 mb 0 mm/h

Tomorrow 10:00 pm

10° | 21°°C 0 mm 0% 9 mph 69 % 1022 mb 0 mm/h

Mi. Mai 21 10:00 pm

14° | 22°°C 0 mm 0% 12 mph 63 % 1020 mb 0 mm/h

Do. Mai 22 10:00 pm

11° | 18°°C 0 mm 0% 12 mph 64 % 1023 mb 0 mm/h

Fr. Mai 23 10:00 pm

7° | 19°°C 0 mm 0% 9 mph 69 % 1024 mb 0 mm/h

Today 10:00 am

12° | 14°°C 0 mm 0% 7 mph 77 % 1021 mb 0 mm/h

Today 1:00 pm

14° | 18°°C 0 mm 0% 9 mph 67 % 1021 mb 0 mm/h

Today 4:00 pm

16° | 19°°C 0 mm 0% 11 mph 52 % 1020 mb 0 mm/h

Today 7:00 pm

17° | 17°°C 0 mm 0% 9 mph 46 % 1020 mb 0 mm/h

Today 10:00 pm

13° | 13°°C 0 mm 0% 6 mph 63 % 1021 mb 0 mm/h

Tomorrow 1:00 am

11° | 11°°C 0 mm 0% 5 mph 66 % 1022 mb 0 mm/h

Tomorrow 4:00 am

10° | 10°°C 0 mm 0% 5 mph 69 % 1021 mb 0 mm/h

Tomorrow 7:00 am

11° | 11°°C 0 mm 0% 6 mph 63 % 1022 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€91,905.24	-0.73%
Ethereum(ETH)	€2,143.42	-4.20%
Fesseln(USDT)	€0.89	0.00%
XRP(XRP)	€2.07	-3.03%
Solana(SOL)	€144.61	-4.69%
USDC(USDC)	€0.89	0.01%
Dogecoin(DOGE)	€0.195265	-0.82%
Shiba Inu(SHIB)	€0.000013	-2.92%
Pepe(PEPE)	€0.000012	1.15%
Peanut das Eichhörnchen(PNUT)	€0.288878	-6.55%

New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

Teilen:

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns