Qbot malware is back after ten years with terrifying new features

Get a free Techzine subscription!

Qbot first appeared about ten years ago. It went into the shadows and has resurfaced with new features. It is now roaming the wild with one of the new features that give it the ability to hijack Microsoft Outlook email threads. 

In a detailed report by Check Point Software Technologies researchers, the new Qbot iteration has come back with malware as dangerous as that of a Swiss Army Knife. 

It is capable of stealing information from infection machines that include credit card information and passwords. It can now install other malware that activates ransomware. With it, the bot controller can connect to someone’s account and make banking transactions, hijack email threads, and with those threads, spread to other machines.

The Swiss Army Knife is quite the weapon

The new version was first detected in a recent Emotet Trojan campaign that first appeared sometime in July. Emotet is distributed using a phishing campaign that targets Microsoft users. It was first described in detail on February 19.

After days or weeks, the Emotet variant can install other malware forms on the computers they infect.

The Emotet campaign’s version of Qbot has a new command and control infrastructure with new malware techniques.

New techniques require new defenses

Qbot is spreading using something called a malspasm. The trojan would activate a select email collector module, which extracts email threads from Outlook client and uploads itself to a remote server to trigger in other campaigns.

It comes with other malware that can be used to do things like harvest credentials.

Qbot works by exploiting end-user weaknesses. For companies to protect from it, they have to do things like teach password management, create stronger passwords, and show employees how to keep their computers clean by screening everything.