Email Attacks Using Fear of Election Interference to Spread QBot

5 years ago David Bisson

Digital attackers launched a malicious email campaign that used fear of election interference in order to spread the QBot trojan.

On November 4, Malwarebytes came across an attack email. This message arrived as a thread reply in an attempt to boost its legitimacy.

The body of the email did not include the recipient’s name or other personal information. Instead, it gave a short salutation and asked the recipient to review an attached document entitled “ElectionInterference_529259401.xls.”

Screenshot of the malicious email with the ElectionInterference attachment. (Source: Malwarebytes)
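
The lure traits described above (thread-reply framing, no personalisation, a legacy Excel attachment) can be checked when a message is triaged at the mail gateway. The Python below is an added example, not code from Malwarebytes or Tripwire; the sample message, its addresses and the `triage` and `is_suspicious` names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Excel formats that can carry macros; .xls is the one named in the article.
MACRO_CAPABLE = (".xls", ".xlsm", ".xlsb")

# Constructed sample modelled on the article's description (not a real capture).
SAMPLE = """\
From: sender@example.com
To: alice.smith@example.org
Subject: Re: Q3 invoice
In-Reply-To: <constructed-id@example.org>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Good day,
Please review the attached document.
--b1
Content-Type: application/vnd.ms-excel
Content-Disposition: attachment; filename="ElectionInterference_529259401.xls"

AAAA
--b1--
"""

def triage(raw: str) -> list[str]:
    """Return the lure traits (as described in the article) found in one message."""
    msg = message_from_string(raw)
    findings, body = [], ""
    if msg.get("In-Reply-To") or re.match(r"\s*re:", msg.get("Subject", ""), re.I):
        findings.append("thread-reply")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(MACRO_CAPABLE):
            findings.append("macro-capable-attachment:" + name)
        elif not name and part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    local = parseaddr(msg.get("To", ""))[1].split("@")[0].lower()
    tokens = [t for t in re.split(r"[._+-]", local) if len(t) >= 3]
    if body and not any(t in body.lower() for t in tokens):
        findings.append("no-personalisation")
    return findings

def is_suspicious(raw: str) -> bool:
    f = triage(raw)  # hold for review: reply framing plus a macro-capable sheet
    return "thread-reply" in f and any(x.startswith("macro-capable") for x in f)
```

The personalisation check is a weak signal on its own, so the verdict keys on the reply framing combined with the macro-capable attachment and reports the third trait only as supporting context.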

Those responsible for this campaign crafted the attached Excel sheet in such a way that it appeared to be a document encrypted by DocuSign. Subsequently, this file instructed the recipient to click the “Enable Content” button so that they could view its contents.

Compliance with this request caused a malicious macro to load QBot by pulling down the threat from a URL. This location was encoded in a cell of the Excel document’s Cyrillic-named sheet “Лист3.”

After establishing a connection with its Command-and-Control (C&C) server and receiving instructions, QBot got to work stealing emails that it could use for future malspam campaigns. It then gathered up those emails along with other stolen data and exfiltrated it to its handlers.

This attack wasn’t the first time that QBot made headlines in the last few months of the year. For instance, the trojan climbed from 10th place to 6th place on a monthly “most wanted malware” list for September 2020. Emotet, another malware family which is a common distributor of QBot, maintained its lead on that list for the third consecutive month.

Just days later, security researchers revealed that digital attackers had incorporated a Windows Defender Antivirus theme into their malicious documents that they used to spread QBot.

News of these campaigns highlights the need for organizations to defend themselves against email-borne attacks. They can do this by educating their users about some of the most common types of phishing attacks that are in circulation today.

The post “Email Attacks Using Fear of Election Interference to Spread QBot” appeared first on TripWire.

Source: TripWire – David Bisson

Tags: Encryption, Malware, Phishing, TripWire
