After a hiatus, a malicious email campaign is back targeting businesses with the dangerous QBot malware. Kaspersky has identified a new wave of activity affecting more than 1.500 users since September 28, 2022.
The most frequently attacked countries with QBot on companies include the USA with 193 affected users, followed by Italy with 151 affected users, Germany with 93 affected users and India with 74 affected (as of October 4, 2022). Austria and Switzerland are also affected with 17 and 14 cases respectively. Kaspersky has so far detected more than 400 infected websites distributing QBot.
Banking Trojan QBot is looking for sources of money
QBot is a notorious banking trojan that steals user data and emails from infected corporate networks, spreads further within the network and can install ransomware from other trojans on additional devices in the network. Cyber criminals supposedly intercept active business-related email conversations and send recipients a message with a link to an archived file with a password to download in order to infect their devices with a banking Trojan. In order to convince users to open or download the file, cyber criminals usually claim that it contains important information, such as an offer.
Victoria Vlasova, senior security researcher at Kaspersky, explains: “The impersonation of work correspondence is a common trick used by cybercriminals, but this campaign is more complicated. This is because the attackers record a current conversation and insert themselves into it. This method makes such messages much more difficult to spot — and increases the likelihood that the recipient will open the files. Employees should therefore now be particularly careful when communicating in business correspondence in order not to accidentally open a malicious file with QBot.”
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/