Qakbot Resurges, Spreads through VBS Files

Through managed detection and response (MDR), we found that a lot of threats come from inbound emails. These messages usually contain phishing links, malicious attachments, or instructions. However, in our daily investigation of email metadata, we often detect threats not just in inbound emails, but even in the users’ own sent items folder. This involves an unwitting user, a possibly compromised account, and harmful messages carrying threats. In one such incident, we have been able to correlate email compromise with the intent to spread Qakbot-related email messages.

We have seen events that point to the resurgence of Qakbot, a multi-component, information-stealing threat first discovered in 2007.

Read more…
Source: Trend Micro