People in the U.S., Russia, France, Morocco, Germany, Argentina, Algeria, Spain, Italy, and the U.K. are being subjected to a new QBot malware campaign since April 4 that facilitated compromise through business email thread hijacking, according to The Hacker News.
Attackers behind the campaign have either been slipping into existing email threads or creating new email conversations with information from previously compromised email accounts to lure targets into opening a PDF file pretending to be a Microsoft Azure or Office 365 alert, a Kaspersky report showed.
Such a document, when opened, would prompt archive file retrieval from a compromised website, with the file's embedded obfuscated Windows Script File enabling the download of the QBot malware, researchers noted.
"Early on, [QBot] was distributed through infected websites and pirated software. Now the banker is delivered to potential victims through malware already residing on their computers, social engineering, and spam mailings," said researchers.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds