KnowBe4 QBot is Back With New Phishing Tricks

Posted on15/10/2020

Researchers at Check Point warn that the QBot banking Trojan now has the ability to hijack email threads on infected devices and send malicious emails to the victim’s contacts. The malware’s operators began churning out phishing emails earlier this month after a brief hiatus.

“One of Qbot’s new tricks is particularly nasty, as once a machine is infected, it activates a special ‘email collector module’ which extracts all email threads from the victim’s Outlook client, and uploads it to a hardcoded remote server,” the researchers write. ”These stolen emails are then utilized for future malspam campaigns, making it easier for users to be tricked into clicking on infected attachments because the spam email appears to continue an existing legitimate email conversation. Check Point’s researchers have seen examples of targeted, hijacked email threads with subjects related to Covid-19, tax payment reminders, and job recruitments.”

Check Point adds that Qbot can also spread within a network, potentially gaining access to more email accounts from which it can propagate even farther.

“Once the victim has been infected, their computer is compromised, and they are also a potential threat to other computers in the local network because of Qbot’s lateral movement capabilities,” the researchers write. “The malware then checks whether the victim can also be a potential bot as part of Qbot’s infrastructure.”

This campaign is widespread and indiscriminate, but the most-targeted sectors are government, military, manufacturing, insurance/legal, and healthcare. The researchers conclude that Qbot’s developers can be expected to continue adding improvements to their malware.

“These days Qbot is much more dangerous than it was previously – it has[an] active malspam campaign which infects organizations, and it manages to use a ‘3rd party’ infection infrastructure like Emotet’s to spread the threat even further,” they write.

New-school security awareness training can teach your employees to be wary of clicking on links in emails, even if the messages are sent from a trusted account.

Check Point has the story.


KnowBe4 is the world’s most largest and popular integrated Security Awareness Training combined with Simulated Phishing attack platform, utilizing social engineering methods and strategies to conduct training. Founded in 2010, a US company located in Tama Bay, Florida with over 19,000 customers base across different sectors globally. Managing by CEO & employees of ex-antivirus experts and IT security Pros. KnowBe4 has been a winner of two consecutive Inc. 500 awards.

Pick the Type of Solution that Best Suits You

Contact us for quotation, we will give you the best pricing and advice!

Contact Us Now



Create a free account to save loved items.

Sign in

Create a free account to use wishlists.

Sign in