Cybersecurity researchers at Sophos have uncovered a botnet called Qakbot. Qakbot can hijack email threads to spread itself to more victims.
Qakbot which has been in use since 2008 is capable of delivering malware, ransomware, and other malicious payloads.
Once installed on a compromised device, Qakbot downloads a payload that hunts for email accounts. Passwords and usernames needed to access these emails are stolen in the process.
Qakbot quotes the original message from a compromised account while replying to the message. This, therefore, makes the response look more authentic.
Users who open the file attached may likely get their device compromised. Sensitive information and accounts could then be stolen by the botnet.
Users are advised to verify messages they receive even if it is from known contacts.
“The best way to protect yourself is to train yourself to recognize when a message is out of character with the person allegedly sending it, and not to click the link to download the zip file. Verify that they intended to send you the file before you open it,” Andrew Brandt, principal researcher at Sophos Labs disclosed.