QBot malware email phishing using election campaigns

November 27, 2020

With the United States in the spotlight over its current election, QBot attacks have been observed operating at the same time. Cybersecurity experts have submitted a malware analysis report containing evidence of infected attachments sent under the subject of the 2020 election of the most powerful nation in the world.

Based on the evidence submitted, threat actors use business email addresses that they have previously compromised to lend legitimacy to the emails they send to intended victims. This way, the victim does not suspect that the bait came from an adversary and is lured into opening the attachment. The infection is currently intended to extract sensitive information from the victim's computer and to use the compromised account for further malspam in other campaigns.

In recent observations, QBot has been at the top of the list of malware that many cybersecurity researchers have been monitoring since it resurfaced last year. Many reported spear-phishing incidents point noticeably to QBot activity. With the aid of the Emotet malware, the adversary's penetration with QBot reaches a hundred percent success rate, as observed.

Furthermore, cybersecurity experts who monitor QBot also confirmed that the new malware variant has become more lethal and always ensures that its infection succeeds.

The revised QBot is now equipped with a stealthier infection process to avoid detection by security software. Based on the reconnaissance report, QBot is deployed as a file transferred in segments, so as to bypass malware detection and confuse installed security software. Once the complete file has been transmitted to the targeted device, another feature kicks in: self-extraction. Once fully established, the malware signals the adversary that the infiltration is complete and that it is ready to receive command-and-control instructions. The report gave importance to the magnitude of infection. Evidence also confirmed that, aside from adding the infected device to the bot network, the malware can easily transmit the infectious file to other devices connected to the same network, even over Wi-Fi.

As the report concludes, QBot is becoming a dreaded name for the security of many organizations. Since its discovery in 2008, its evolution from a mere piece of malicious code into more destructive malware shows that the adversaries behind it are always planning to upgrade the code faster than any security software developer. We must therefore keep pace in battling these attacks. Aside from relying on installed security software, everyone should be educated to be more vigilant and to scrutinize everything received from the internet.

The election may be concluded, but given the numerous compromises reported, we should expect more from QBot in the future.
