{"id":18802,"date":"2022-04-19T10:30:11","date_gmt":"2022-04-19T18:30:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/04\/19\/news-12535\/"},"modified":"2022-04-19T10:30:11","modified_gmt":"2022-04-19T18:30:11","slug":"news-12535","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/04\/19\/news-12535\/","title":{"rendered":"Emotet and Qbot in spam mailouts | Kaspersky official blog"},"content":{"rendered":"

<\/p>\n

Credit to Author: Andrey Kovtun| Date: Tue, 19 Apr 2022 18:02:11 +0000<\/strong><\/p>\n

Our experts have detected significant growth in complex malicious spam e-mails targeting organizations in various countries. The number of these malicious e-mails grew from around 3000 in February 2022 to approximately 30,000 in March. So far, our technologies have detected malicious e-mails written in English, French, Hungarian, Italian, Norwegian, Polish, Russian, Slovenian and Spanish languages.<\/p>\n

How cybercriminals infect victim’s devices<\/h2>\n

Cybercriminals allegedly intercept active e-mail conversations on business matters and send the recipients an e-mail containing either a malicious file or a link in order to infect their devices with a banking trojan. Such scheme makes those messages harder to detect and increases the chances that recipient will fall for the trick.<\/p>\n

Some letters that cybercriminals send to the recipients contains a malicious attachment. In other cases, it has a link which leads to a file placed in a legitimate popular cloud-hosting service. Often, malware is contained in an encrypted archive, with the password mentioned in the e-mail body. To convince users to open attachment or download the file via the link, the attackers usually state that it contains some important information, such as a commercial offer.<\/p>\n

Our experts have concluded that these e-mails are being distributed as part of a coordinated campaign that aims to spread banking Trojans.<\/p>\n

What kind of malware attackers are using and how dangerous are they?<\/h2>\n

In most cases when victims opens a malicious document, it downloads and launches the Qbot<\/a> malware, but our experts has also observed that some of these documents download Emotet<\/a> instead. Both malware strains are capable of stealing users’ data, collecting data on an infected corporate network, spreading further in the network, and installing ransomware or other Trojans on other network devices. Qbot also can access and steal e-mails.<\/p>\n

How to stay safe<\/h2>\n

In order to stay safe from attacks by Qbot and Emotet (or any other malware spreading via e-mail), we recommend the following:<\/p>\n