There have been reports of a new wave of Qakbot campaigns that use a novel method of distributing malware as part of the delivery process. The name of this sophisticated malware is Qakbot, though this malware has several different names, such as Pinkslipbot, and QuakBot.
Research has found that Qakbot campaigns have been operating since 2007, and they are using OneNote documents to get the word out to the public. Infected systems tend to have malicious software that targets sensitive data from the systems, such as login credentials, financial data, and personal information.
It has been observed that Qakbot has been used in recent years to distribute ransomware via other botnets, such as Emotet, which drops a secondary payload onto their botnets.
In-Depth Discussion of the Subject
- As part of these campaigns, malware is delivered using two attack vectors; one attacker embeds the URL into the email to download the malicious file, and the other uses the malicious file as an attachment in an email.
- Documents in OneNote feature a call-to-action button that runs the payload associated with the document when clicked.
- Qakbot uses various evasion methods, su
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from CySecurity News – Latest Information Security and Hacking IncidentsRead the original article: