This phishing attack hijacks email chains to power up an ancient botnet

Just because you’ve talked to someone before, doesn’t mean their latest attachment is clean


A new email phishing campaign has been spotted looking to compromise additional endpoints for the Qakbot botnet.

Qakbot has been around for almost 15 years, having reinvented itself on multiple occasions throughout its life, and is now hijacking people’s email threads to distribute the payload to more devices.

Cybersecurity researchers from Sophos discovered that once Qakbot infects a device, it delivers a payload that scans the device for email accounts and their login credentials. If it is successful, it will go through the inbox and send out replies to every available email thread (as opposed to just sending out a new email to all contacts). The reply will carry a quote of the original message, as well as a malicious payload in the attachment.
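The reply-chain pattern described above can be turned into a simple mail-triage check. The following is an added example, not code from Sophos or the original article: it flags a message that is a reply, quotes earlier text and carries an attachment, so it can be routed for closer inspection. The sample message, the function names and the assumption that quoted text is marked with ">" are all constructed for illustration.

```python
from email import message_from_string, policy

# Constructed sample: a reply in an existing thread that quotes the
# earlier message and carries an attachment (all values are made up).
SAMPLE_REPLY = """\
From: alice@example.com
To: bob@example.com
Subject: Re: Q3 invoice
Message-ID: <reply-2@example.com>
In-Reply-To: <orig-1@example.com>
References: <orig-1@example.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please see the attached document.

> Hi Alice, can you resend the Q3 invoice?
> Thanks, Bob

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.zip"

constructed placeholder bytes
--b1--
"""

def thread_reply_traits(raw: str) -> dict:
    """Extract the three traits of the reply-chain lure from a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    return {
        "is_reply": bool(msg["In-Reply-To"] or msg["References"]),
        "quotes_earlier_text": any(l.lstrip().startswith(">") for l in text.splitlines()),
        "attachments": [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()],
    }

def needs_extra_scrutiny(raw: str) -> bool:
    # Assumed heuristic: reply + quoted text + attachment => inspect/sandbox first.
    t = thread_reply_traits(raw)
    return t["is_reply"] and t["quotes_earlier_text"] and bool(t["attachments"])
```

A match is only a reason to inspect the attachment before delivery, since legitimate replies with attachments show the same three traits.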


Multi-stage attacks

By replying to an ongoing thread, instead of sending out a new email, the threat actor hopes to lower the guard of the victim. People may be vigilant when receiving shady emails out of the blue, but when they get a reply, from a known contact, in an ongoing thread, they might be more inclined to examine the contents of the attachment.

Besides English, the lure can be sent out in multiple other languages, Sophos warns, depending on the language of the original email thread.

Qakbot’s real danger, however, lies in the fact that it can serve as the stage-one malware in a multi-stage attack. It can deliver other, more sinister payloads, such as ransomware.


“Qakbot is a full-service botnet that performs data theft and malware delivery services on behalf of either themselves or third parties. They clearly take advantage of credential theft to access the websites belonging to innocent third parties to use for hosting payloads,” Andrew Brandt, principal researcher at Sophos Labs, told ZDNet.


As usual, users are advised to be extra cautious when receiving emails with attachments, regardless of who the sender is.

Via: ZDNet

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
