The malware managers known as “Qbot” are back in the attack, this time seeming to focus on the systems on which Windows is installed, taking advantage of the installers on them.
to me Latest DiscoveriesNow, this malware is being adapted to take advantage of Windows, infecting more systems and stealing more data.
Qbot has been a known malware for a few years now, and is usually distributed via malicious emails. These messages contain Office files containing macros, which when activated download the latest version of the malware onto the system.
However, Microsoft has made life difficult for anyone running malware campaigns in this format by disabling Office macros by default — and making them considerably more difficult to activate. That’s why it seems that Qbot’s creators are now moving towards distributing it via modified installation files.
The files, mostly .MSI, are provided as attachments in campaign emails, in an effort to get users to install the software on the system under the most varied pretexts.
Remember that Qbot has been known since at least 2007. It focuses on stealing victims’ bank details, as well as personal information and as much of their financial data as possible, as well as opening the door for other malware to be installed.
Due to its online history, Qbot has also been used by many ransomware groups to infect corporate internal networks and lead to more data theft.