A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve to target government, military, and manufacturing sectors in the US and Europe, according to new research.
In an analysis released by Check Point Research today, the latest wave of Qbot activity appears to have dovetailed with the return of Emotet — another email-based malware behind several botnet-driven spam campaigns and ransomware attacks — last month, with the new sample capable of covertly gathering all email threads from a victim’s Outlook client and using them for later malspam campaigns.
“These days Qbot is much more dangerous than it was previously — it has an active malspam campaign which infects organizations, and it manages to use a ‘third-party’ infection infrastructure like Emotet’s to spread the threat even further,” the cybersecurity firm said.
Using Hijacked Email Threads as Lures
First documented in 2008, Qbot (aka QuakBot, QakBot, or Pinkslipbot) has evolved over the years from an information stealer to a “Swiss Army knife” adept in delivering other kinds of malware, including Prolock ransomware, and…