Watch out for this phishing attack that hijacks your email chats to spread malware


A prolific botnet used to deliver malware, ransomware and other malicious payloads is spreading itself by hijacking email conversations in order to trick PC users into downloading it in what’s described as an “extremely active” phishing campaign.

Qakbot has plagued victims since 2008, when it started life as a banking trojan designed to steal usernames and passwords. The malware has continually added new capabilities, making it more dangerous and more effective. A recent campaign has been detailed by cybersecurity researchers at Sophos, who’ve warned that Qakbot is hijacking email threads to spread itself to more victims.

By hijacking ongoing email threads between real people, there’s a better chance that the phishing attacks will be effective because those receiving the message are likely to trust a sender they know and have received emails from in that same thread already.

Qakbot attacks are automated, spreading via the infected Windows computers of people who’ve already unwittingly fallen victim. Once installed on a compromised machine, Qakbot downloads a payload which hunts for email accounts, stealing the usernames and passwords required to get into them.

Automated tools then go through the inbox and use the compromised account to send out phishing emails, using reply-all on existing email threads and quoting the original message being replied to in order to make the response look more authentic.


These messages generally contain a snippet of brief text content with a request to look at an attachment, often a zip file. The messages can be sent out in a variety of languages, tailored to the language the original emails have been sent in. 
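The traits described above (a reply inside an existing thread, quoted original text, a brief new note, and a zip attachment or link) can be combined into a mail-filter heuristic for review queues. This is an added example, not code from Sophos or the original article; the 40-word threshold, the function names and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

MAX_NEW_WORDS = 40  # assumed threshold for a "brief" note above the quote
ZIP_LINK = re.compile(r"https?://\S+\.zip\b", re.I)
QUOTE_INTRO = re.compile(r"^On .+ wrote:\s*$")

def split_reply(body):
    """Return (new_text, has_quote) for a plain-text reply body."""
    new_lines, quoted = [], False
    for line in body.splitlines():
        if line.startswith(">") or QUOTE_INTRO.match(line):
            quoted = True
        elif not quoted:
            new_lines.append(line)
    return " ".join(new_lines).strip(), quoted

def indicators(raw):
    """List the reply-chain hijack traits present in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    if msg["In-Reply-To"] or msg["References"]:
        hits.append("reply_in_thread")
    part = msg.get_body(preferencelist=("plain",))
    new_text, quoted = split_reply(part.get_content() if part else "")
    if quoted:
        hits.append("quotes_original")
    if 0 < len(new_text.split()) <= MAX_NEW_WORDS:
        hits.append("brief_new_text")
    has_zip = any((p.get_filename() or "").lower().endswith(".zip")
                  for p in msg.iter_attachments())
    if has_zip or ZIP_LINK.search(new_text):
        hits.append("zip_attachment_or_link")
    return hits

def is_suspicious(raw):
    """Flag for review only when all four traits coincide."""
    return len(indicators(raw)) == 4

def sample(text, zip_name=None):
    """Build a constructed reply message (all addresses and IDs are made up)."""
    m = EmailMessage()
    m["From"], m["To"] = "alice@example.com", "bob@example.com"
    m["Subject"] = "Re: Q3 paperwork"
    m["In-Reply-To"] = "<constructed-1@example.com>"
    m.set_content(text)
    if zip_name:
        m.add_attachment(b"PK\x05\x06" + bytes(18), maintype="application",
                         subtype="zip", filename=zip_name)
    return m.as_string()

QUOTE = "\n\nOn Mon, Bob wrote:\n> Can you send the figures by Friday?\n"
LURE = sample("Please see the attached document." + QUOTE, "document.zip")
BENIGN = sample("Sure, the figures are 120 and 340, will confirm Friday." + QUOTE)
```

A match is a reason to hold the message for review, not proof of compromise, since legitimate replies with zip attachments share the same shape.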

While generic messages relating to paperwork or documents might seem too bland to lure people into opening malicious attachments, the fact that the messages look like they’re coming from someone the user knows, and has been talking to, could encourage them to let their guard down and open the file.

Anyone who does this risks their device being infected by Qakbot, leaving any sensitive information or accounts on the machine ripe for being stolen. 

Machines infected with Qakbot can also be compromised with other malware, including ransomware. Cyber criminals can lease out the botnet to access machines infected with Qakbot in order to deliver their own malware payloads. 

“Qakbot is a full-service botnet that performs data theft and malware delivery services on behalf of either themselves or third parties. They clearly take advantage of credential theft to access the websites belonging to innocent third parties to use for hosting payloads,” Andrew Brandt, principal researcher at Sophos Labs, told ZDNet.

The malware remains what’s described as “extremely active” in attempting to spread itself to new victims, while the authors of Qakbot continue to add new features to it, including further obfuscating the malicious code to help it avoid detection and analysis.

Users should therefore be wary of unusual emails they receive, even if they’re from known contacts, because there’s the potential that messages could be coming from a contact infected with Qakbot.

“The best way to protect yourself is to train yourself to recognize when a message is out of character with the person allegedly sending it, and not to click the link to download the zip file,” said Brandt, who added that, given the message is sent from the account of someone you know, you could contact them using a method other than email to check whether it’s really them.

“Verify that they intended to send you the file before you open it,” he concluded.  
