Since the beginning of the year, we’ve been tracking the growth of malware threat actors taking advantage of a (previously) rarely abused Office file format – the .one files used by the OneNote application.

[Image: The malicious OneNote “notebook” is a single page document that looks like this]

Our initial look at this threat vector revealed a number of small-scale malware attacks, but now a more prominent malware group - Qakbot - has begun using the method in their campaigns in a much more automated, streamlined fashion.

In our previous research into Qakbot, we noted that the threat actors typically use email messages as their initial attack vector. The botnet is capable of “injecting” a malicious email into the middle of existing conversational threads, hijacking the email account(s) on previously infected machines to reply to all parties in a message with either a malicious attachment or a link to a website hosting a malicious file.

.one documents (also called “Notebooks” by Microsoft) in their attacks on January 31. On Tuesday, we observed two parallel spam campaigns: In one, the malicious emails embed a link, prompting the recipient to download a weaponized.

[Image: A Qakbot-transmitted malspam with an embedded link to a OneNote document]

In these versions of the malspam, the recipient’s last name is repeated on the subject line of the message, but the messages are pretty impersonal otherwise.
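
A mail-triage check for the two delivery paths described above (a OneNote attachment, or a link to a hosted `.one` file), as an added example that is not from the original article. The function names, sample message and URL are constructed for illustration, and the 16-byte OneNote header GUID comes from Microsoft's file-format documentation, not from this page.

```python
import re
from email.message import EmailMessage, Message

# First 16 bytes of a OneNote section file: guidFileType
# {7B5C52E4-D88C-4DA7-AEB1-5378D02996D3} in its on-disk byte order.
ONE_MAGIC = bytes.fromhex("e4525c7b8cd8a74daeb15378d02996d3")

# A URL whose *path* ends in .one. Requiring a "/" after the host avoids
# flagging every site that merely lives under the .one top-level domain.
ONE_LINK = re.compile(
    r"https?://[^\s/\"'<>]+/[^\s\"'<>]*\.one(?=[?#\s\"'<>]|$)", re.I)


def onenote_findings(msg: Message) -> list[str]:
    """Return the reasons a message may deliver a OneNote notebook."""
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        if name:
            # Check content before name: an extension is trivial to change.
            if payload.startswith(ONE_MAGIC):
                findings.append(f"attachment {name!r}: OneNote header")
            elif name.lower().endswith(".one"):
                findings.append(f"attachment {name!r}: .one extension")
        elif part.get_content_maintype() == "text":
            charset = part.get_content_charset() or "utf-8"
            text = payload.decode(charset, "replace")
            for url in ONE_LINK.findall(text):
                findings.append(f"link to .one file: {url}")
    return findings


def sample_message() -> EmailMessage:
    """Constructed sample: a .one link in the body plus a renamed notebook."""
    msg = EmailMessage()
    msg["Subject"] = "Re: SMITH"  # constructed subject line
    msg.set_content(
        "Please see https://files.example.test/docs/Agreement.one today.")
    msg.add_attachment(ONE_MAGIC + b"\x00" * 32, maintype="application",
                       subtype="octet-stream", filename="scan.pdf")
    return msg


if __name__ == "__main__":
    for reason in onenote_findings(sample_message()):
        print(reason)
```

A hit here is a reason to quarantine and inspect, not proof of Qakbot: legitimate notebooks are also shared by mail.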