Watch out for this malware that can hijack your email threads

How to spot Qakbot malware spreading through email

New malware presents a headache for security researchers, as teams often rush to find ways to block it. This involves reverse-engineering the malware to figure out how it works, what it can do and how dangerous it is to the public.

But it is not only new malware that security specialists need to look out for. Some of the most dangerous applications are the ones that are rooted in decades-old malicious code and updated with different attack methods.

Read on to see how one such malware is making a comeback and how it hijacks your email threads to steal your details.

Here’s the backstory

What started as a banking trojan called Qbot in 2007 has now morphed into Qakbot.

According to Sophos, Qakbot malware has a tricky new way of spreading. Once a victim has the malware on their device, Qakbot can inject itself into email conversations to try and find more victims.

What makes it so sneaky is that it uses the reply-all function and verbiage from previous emails. This tactic makes the email appear legitimate, which makes it easier to fool potential victims.

Sometimes the messages include phrases like “here is the document you requested” or “please see the document for review.” But if you click on the included link or download the attachment, your device will be infected with Qakbot.

The payload from Qakbot can:

  • Edit your Windows Registry
  • Send out other spam emails from your machine as part of a spambot operation
  • Steal your login credentials for various websites and services

Qakbot hasn’t lost the most dangerous aspect of its function since 2007. It can steal login details to financial services like Bank of America, Citibank, Wells Fargo, TD Ameritrade, Schwab, and PayPal.

How to avoid falling victim to Qakbot

Since the malware spreads through email threads with malicious replies, it would be easy to think the mail is safe and the response is genuine. After all, it would come from a contact that you had previously communicated with. Fortunately, there are ways to avoid falling victim. Here are some tips on how to stay safe:

  • Never click on links or download attachments from unsolicited texts or emails.
  • Before clicking links inside texts or emails from people you know, get a preview of the URL by hovering your cursor over it. If it looks suspicious, don’t click on it.
  • Microsoft Windows has built-in protections for Excel and Word files. The applications will let you know if documents potentially contain harmful content. Heed the warnings and don’t disable security checks.
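
The hover-over check from the tips above, automated for a saved message. This is an added example, not code from Sophos or the original article: the names `LinkCollector` and `review_reply`, the sample message and its addresses are constructed for illustration, and the rules (a reply that introduces a link or attachment, or link text that differs from the real target) are an assumed heuristic, not a Qakbot signature.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: what hovering over a link would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_reply(raw_message):
    """Reasons to confirm a message with its sender; assumes In-Reply-To/References marks a reply."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    is_reply = bool(msg["In-Reply-To"] or msg["References"])
    findings = []
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        shown = (urlparse(text).hostname or "").lower() if "://" in text else ""
        if shown and shown != host:
            findings.append(f"link text shows {shown} but opens {host}")
        elif is_reply:
            findings.append(f"reply adds a link to {host}")
    if is_reply:
        findings += [f"reply adds attachment {p.get_filename()}" for p in msg.iter_attachments()]
    return findings

# Constructed sample message for illustration, not a captured Qakbot email.
SAMPLE = """\
From: colleague@example.com
Subject: Re: Q3 invoice
In-Reply-To: <constructed-1@example.com>
Content-Type: text/html

<p>Here is the document you requested:
<a href="http://files.example.net/doc.zip">https://intranet.example.com/doc</a></p>
"""
```

Calling `review_reply(SAMPLE)` returns one finding, because the link text names one host while the link opens another. A finding is a prompt to check with the sender through another channel, not proof of infection.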

You should also have robust antivirus software on all your devices. We recommend our sponsor, TotalAV.

