Phishing Attack Hijacks Users Mail Chats To Spread Malware

Share post:

Cybersecurity researchers at Sophos have uncovered a botnet called Qakbot. Qakbot can hijack email threads to spread itself to more victims.

Qakbot which has been in use since 2008 is capable of delivering malware, ransomware, and other malicious payloads.

Once installed on a compromised device, Qakbot downloads a payload that hunts for email accounts. Passwords and usernames needed to access these emails are stolen in the process.

Qakbot quotes the original message from a compromised account while replying to the message. This, therefore, makes the response look more authentic.

Users who open the file attached may likely get their device compromised. Sensitive information and accounts could then be stolen by the botnet.

Users are advised to verify messages they receive even if it is from known contacts.

“The best way to protect yourself is to train yourself to recognize when a message is out of character with the person allegedly sending it, and not to click the link to download the zip file. Verify that they intended to send you the file before you open it,” Andrew Brandt, principal researcher at Sophos Labs disclosed.

For more information, read the original story in ZDNet.

SUBSCRIBE NOW

Related articles

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Starbucks Forced to Pay Baristas Manually After Ransomware Attack

A ransomware attack on Blue Yonder, a third-party scheduling software provider, has disrupted Starbucks’ ability to manage employee...

Google Launches Free Cybersecurity Certificate for Entry-Level Jobs

Google has introduced a new Cybersecurity Professional Certificate, aimed at preparing students for entry-level roles in just six...

Critical Vulnerability Leaves Millions Of Sites Vulnerable To Takeover

A severe authentication bypass vulnerability has been discovered in the WordPress plugin "Really Simple Security" (formerly *Really Simple...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways