"QBot Malware Infects Over 800 Corporate Users in New, Ongoing Campaign"

Security researchers at Kaspersky have found that more than 800 corporate users have been infected in a new QBot malware distribution campaign since September 28.  Also known as Qakbot and Pinkslipbot, QBot is an information stealer with backdoor and self-spreading capabilities that has been around since 2009 and is often used as the initial infection vector in malicious attacks.  Earlier this year, The researchers saw that QBot was distributed in attacks exploiting Follina, a Microsoft Support Diagnostic Tool (MSDT) vulnerability tracked as CVE-2022-30190, which leads to remote code execution.  Since 2020, one of the main infection methods employed by QBot’s operators has been the hijacking of email threads, a technique that has been used in multiple waves of attacks and remains successful even today.  The researchers stated that between September 28 and October 7, they observed close to 1,800 users being infected with QBot worldwide.  More than half of the new victims are corporate users.  According to the researchers, the United States, Italy, Germany, and India are the countries targeted the most in this new campaign.  Out of a total of 220 victims in the United States, 95 are corporate users, potentially exposing their organizations to further malicious activity, including the distribution of ransomware and other malware families.

SecurityWeek reports: "QBot Malware Infects Over 800 Corporate Users in New, Ongoing Campaign"