This malware is reading your email just 30 minutes after infecting your PC
An old malware called Qbot is still targeting Windows PCs and other devices with new nefarious efficiency. Although the malware first emerged in 2007, it remains a threat to Windows users. In October, cybersecurity research company DFIR was able to obtain a sample of the malware and conduct analysis on its current form, finding that the tool is still able to easily exploit key apps such as Microsoft’s email client, Outlook. Recently, the malware gained a module that reads through email threads to improve the message’s apparent legitimacy to victims. The malware’s operators rely on clickable phishing messages, and deploy social engineering tactics in the form of tax payment reminders, job offers, and Covid-19 alerts to lure victims into clicking malicious links.
DFIR researchers found that there are certain cases where initial access was unknown, however, was likely delivered through a Microsoft Excel document that was configured by the attackers to download malware from a web page. Qbot’s authors leverage legitimate Microsoft tools to their advantage, effectively raiding an entire network within 30 minutes of the victim’s click. Windows users should be aware of the ongoing threat and exercise caution when clicking email links from unknown or unexpected addresses.