The managers of the malware known as “Qbot” have returned to the attack, and this time they seem to be focusing on systems that have Windows installed, taking advantage of installation programs on it.
According to latest discoveriesthis malware is now being adapted to take advantage of Windows, infecting even more systems and stealing even more data.
Qbot has been a known malware for a few years now, and its distribution is usually via malicious email messages. These messages contain Office files with macros that, when activated, download the final version of the malware onto the system.
Microsoft has, however, been making life difficult for anyone running malware campaigns in this format by disabling macros in Office by default – and making their activation considerably more difficult. That’s why the creators of Qbot now seem to be turning to distributing it via modified installation files.
The files, mostly .MSI, are provided as attachments in the campaign’s email messages, trying to get users to install the program on the system under the most varied pretexts.
Remember that Qbot has been known since at least 2007. It focuses on stealing victims’ bank details, as well as personal information and as much of their financial data as possible, as well as opening the door for the installation of other malware. .
Given its history on the Internet, Qbot has also been used by several ransomware groups to infect companies’ internal networks and lead to even more data theft.
–