More than 800 corporate users have been infected in a new QBot malware distribution campaign since September 28, Kaspersky warns.
Also known as Qakbot and Pinkslipbot, QBot is an information stealer with backdoor and self-spreading capabilities that has been around since 2009 and which is often used as the initial infection vector in malicious attacks.
Earlier this year, QBot was distributed in attacks exploiting Follina, a Microsoft Support Diagnostic Tool (MSDT) vulnerability tracked as CVE-2022-30190, which leads to remote code execution.
Since 2020, one of the main infection methods employed by QBot’s operators has been the hijacking of email threads, a technique that has been used in multiple waves of attacks and which remains successful even today.
“Qbot steals email archives from infected devices and uses the stolen emails for subsequent mailings, with the acquired information being used to lure victims into opening those emails,” Kaspersky senior security researcher Victoria Vlasova explained in a conversation with SecurityWeek.
Between September 28 and October 7, Kaspersky observed close to 1,800 users being infected with QBot worldwide. More than half of the new victims are corporate users, Vlasova says.
According to the security researcher, the United States, Italy, Germany, and India are the countries targeted the most in this new campaign.
Out of a total of 220 victims in the United States, 95 are corporate users, potentially exposing their organizations to further malicious activity, including the distribution of ransomware and other malware families.
“Employees should be especially careful now when communicating in business correspondence so as not to accidentally open a malicious file with Qbot,” Vlasova points out.
Kaspersky could not confirm the number of potentially impacted organizations and the industries that have been affected the most in this campaign.
“Corporate users can be either one in a particular organization or several in one and we cannot tell the exact number of impacted organizations in this case either,” Vlasova noted.
Given that Kaspersky has provided infection details based on data collected by its security products only, the total number of new QBot infections might be much higher.
Related: New ‘Maggie’ Backdoor Targeting Microsoft SQL Servers
Related: New ‘Shikitega’ Linux Malware Grabs Complete Control of Infected Systems
Related: ‘Xenomorph’ Android Trojan Targets 56 Banking Applications
More from Ionut Arghire
- Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
Latest News
- Burnout in Cybersecurity – Can it be Prevented?
- Spain Needs More Transparency Over Pegasus: EU Lawmakers
- Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
- Virtual Event Today: Supply Chain & Third-Party Risk Summit
- Google Suspends Chinese Shopping App Amid Security Concerns
- Verosint Launches Account Fraud Detection and Prevention Platform
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
