Email is one of the most used communication tools on the internet, and while its efficiency and ease of use are great benefits for business and personal communications, it’s not without its risks. Cybercriminals are constantly looking for ways to access our email accounts in order to steal data, distribute malware, or engage in other forms of cybercrime.
The latest hacking campaign uses hijacked business correspondence to trick victims into installing QBot, a malware family that has been linked to several high-profile data breaches and financial losses over the years. Researchers at Kaspersky Lab have discovered a new variant of the campaign that leverages reply-chain phishing emails to deliver the malicious payload and steal login credentials, personal information, and other sensitive data from target systems.
Typically, attackers deliver the malware via infected Microsoft Office documents, but cybersecurity software usually catches these types of attachments quickly. Attackers have started to adapt to this by using various file formats in the email attachments.
In the latest campaign, bad actors are using PDF and WSF files in reply-chain phishing emails to distribute the QBot malware. When the victim clicks the attached file, the malware downloads a lure document that displays in their browser and a malicious HTML application that establishes communication with its command-and-control servers.
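A mail-gateway triage check for the delivery pattern described above, as an added example that is not from the original article or from Kaspersky: it flags WSF attachments and PDFs arriving in reply-chain messages. The verdict names, the severity split, and the sample messages (built with placeholder addresses) are assumptions of this example.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Attachment types the article names; the severity split is this example's assumption.
SCRIPT_EXTS = {".wsf"}   # Windows Script File: rarely legitimate in business mail
REVIEW_EXTS = {".pdf"}   # common file type, so only suspicious in context

def is_reply(msg):
    """True when headers or subject mark the message as part of an existing thread."""
    subject = (msg["Subject"] or "").strip().lower()
    threaded = bool(msg["In-Reply-To"] or msg["References"])
    return threaded or subject.startswith(("re:", "fw:", "fwd:"))

def triage(raw):
    """Return (verdict, findings) for one raw RFC 5322 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reply = is_reply(msg)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        ext = PurePosixPath(name.lower()).suffix   # last extension, case-insensitive
        body = part.get_payload(decode=True) or b""
        if ext in SCRIPT_EXTS:
            findings.append((name, "script attachment"))
        elif ext in REVIEW_EXTS and not body.startswith(b"%PDF"):
            findings.append((name, "pdf extension without PDF header"))
        elif ext in REVIEW_EXTS and reply:
            findings.append((name, "pdf in reply chain"))
    if any(reason != "pdf in reply chain" for _, reason in findings):
        return "quarantine", findings
    return ("review" if findings else "pass"), findings

def build_sample(filename, payload, reply=True):
    """Constructed test message; addresses and message ids are placeholders."""
    m = EmailMessage()
    m["From"] = "colleague@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = ("Re: " if reply else "") + "Q3 invoice"
    if reply:
        m["In-Reply-To"] = "<constructed-1@example.com>"
    m.set_content("Please see the attached file.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A PDF in a reply is only routed to review because legitimate threads carry PDFs all the time; the check does not descend into forwarded messages attached as `message/rfc822`.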
Once the malware is installed, it gathers the victims’ email information and sends it to the attackers. The attackers can then use this collected information to target them for further attacks.
Depending on the type of information the hackers are interested in, the victims could be targeted for identity theft, financial fraud, and even ransomware. This is why it’s important for everyone to have adequate email security, never download unexpected files, and adopt a healthy skepticism when it comes to the origins of an email and its contents.
The attack is currently targeting businesses and is spreading through email threads and spam folders. Affected users have been found in Europe, South America, and the United States. The attackers are attempting to gain the victim’s trust by impersonating their bosses, colleagues, or partners. This tactic is often used by phishing campaigns that attempt to steal sensitive information from the victim’s organization.
The best way to stay safe from this new threat is by using strong passwords, avoiding clicking on unsolicited links and attachments, and keeping your antivirus software up to date. If you have any concerns about the safety of your email account, contact a cybersecurity specialist. You can also protect yourself against phishing by not opening unrecognized attachments and visiting websites directly from your browser instead of from the links in emails. Make sure your friends and coworkers are aware of the dangers of hacked emails by telling them not to click on any suspicious attachments or links. They should also keep an eye out for unusual emails that appear to be sent by you and report them immediately if they see any. For businesses, a managed security solution like AVG AntiVirus FREE can help ensure that all email traffic is encrypted and protected.