A prolific botnet used to deliver malware, ransomware and other malicious payloads is spreading itself by hijacking email conversations in order to trick PC users into downloading it in what’s described as an “extremely active” phishing campaign.
Qakbot has plagued victims since 2008, when it started life as a banking trojan designed to steal usernames and passwords. The malware has continually added new capabilities, making it more dangerous and more effective. A recent campaign has been detailed by cybersecurity researchers at Sophos, who’ve warned that Qakbot is hijacking email threads to spread itself to more victims.
By hijacking ongoing email threads between real people, there’s a better chance that the phishing attacks will be effective because those receiving the message are likely to trust a sender they know and have received emails from in that same thread already.
Qakbot attacks are automated, spreading via the infected Windows computers of people who’ve already unwittingly fallen victim. Once installed on a compromised machine, Qakbot downloads a payload which hunts for email accounts, stealing the usernames and passwords required to get into them.
Automated tools then go through the inbox and use the compromised account to send out phishing emails using reply to all to existing