"Business Emails Hijacked by New QBot Banking Trojan Campaign For Distributing Malware"
Researchers have discovered a new QBot malware campaign using compromised business communications to trick victims into installing the malware. Since April 4, 2023, the most recent activity has primarily targeted users in Germany, Argentina, Italy, Algeria, Spain, the US, Russia, France, the UK, and Morocco. Since at least 2007, the banking Trojan known as QBot, also known as Qakbot or Pinkslipbot, has been in operation. In addition to stealing credentials and cookies from web browsers, it serves as a backdoor for introducing ransomware or other next-stage payloads such as Cobalt Strike. Anti-VM, anti-debugging, and anti-sandbox techniques have been added to the malware to evade detection. According to Check Point, it was also the most pervasive malware in March 2023. According to researchers, early distribution methods for QBot included infected websites and pirated software. The banker is now distributed to potential victims via pre-installed malware, social engineering, and phishing emails. This article continues to discuss the new QBot malware campaign.