24 April 19, 16:44
Quote: Qbot, an information-stealing trojan that has been around for 10 years, has resurfaced again with a new phishing-based infection technique that is able to evade anti-spam defenses.
Varonis Security Research spotted the new global Qbot campaign in March. Researchers said they have positively identified 2,726 victims, based on analysis of one of the attacker’s servers. However, they suspect the actual number of victims is much higher. Researchers at JASK, on Tuesday, have released an analysis of the latest iteration of the Qbot malware.
Qbot, also known as QakBot, is known for its polymorphic behavior and its worm-like tendencies, such as being able to self-replicate via shared drives and removable media. This time around, QBot has been spreading through a phishing campaign targeting U.S. corporations and also victims in Europe, Asia, and South America.
The delivery mechanism for this variant of Qbot is phishing campaigns where victims receive an email containing a link to what appears to be an online document. Emails purport to be an existing email thread under the guise of replying to a pre-existing business-based correspondence, according to JASK.
“This email was not blocked by an anti-spam gateway. It was a context-aware targeted response to an existing email thread,” wrote Greg Longo, senior threat analyst with JASK, in an email-based interview. He said the goal of the attacks is to steal proprietary financial information, including bank account credentials.
SOURCE: https://threatpost.com/qbot_new_campaign/144070/