A new hacking campaign uses the dreaded “Qbot” malware.
Qbot began as a Banking Trojan, and is now used by some of the world’s biggest RansomWare operators.
According to researchers, cybercriminals are using hijacked email accounts to spread this malware. They use the stolen account to reply to an email chain. In the replied message, they distribute a PDF file called “CancellationLetter” with a number in the title. If the victim opens the file, they’d see a prompt saying, “This document contains protected files; to display them, click the “open” button.”
Pressing the button, however, downloads a ZIP file with a Windows Script (WSF) document. That file, researchers explain, is a mix of JavaScript and Visual Basic Script codes that download Qbot.
To defend against this attack, first use common sense. If you’re not expecting an email, be skeptical about its contents. Next, proper cybersecurity solutions are important: an email security solution, antivirus or a firewall. Having multi-factor authentication set up wherever possible is also a great way to protect against data and identity theft.
Finally, keeping the hardware and software up to date is crucial. By applying the latest patches and firmware updates, you’re keeping your endpoints secure from known vulnerabilities that threat actors can abuse with malware.
See msn.com for more information about this article by Sead Fadilpašić.