Phishing Attack Hijacks Users Mail Chats To Spread Malware

Cybersecurity researchers at Sophos have uncovered a botnet called Qakbot. Qakbot can hijack email threads to spread itself to more victims.

Qakbot which has been in use since 2008 is capable of delivering malware, ransomware, and other malicious payloads.

Once installed on a compromised device, Qakbot downloads a payload that hunts for email accounts. Passwords and usernames needed to access these emails are stolen in the process.

Qakbot quotes the original message from a compromised account while replying to the message. This, therefore, makes the response look more authentic.

Users who open the file attached may likely get their device compromised. Sensitive information and accounts could then be stolen by the botnet.

Users are advised to verify messages they receive even if it is from known contacts.

“The best way to protect yourself is to train yourself to recognize when a message is out of character with the person allegedly sending it, and not to click the link to download the zip file. Verify that they intended to send you the file before you open it,” Andrew Brandt, principal researcher at Sophos Labs disclosed.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web