Advertisement
Also known as Qakbot and Pinkslipbot, QBot is an information stealer with backdoor and self-spreading capabilities that has been around since 2009 and which is often used as the initial infection vector in malicious attacks.
Earlier this year, QBot was distributed in attacks exploiting Follina, a Microsoft Support Diagnostic Tool (MSDT) vulnerability tracked as CVE-2022-30190, which leads to remote code execution.
Since 2020, one of the main infection methods employed by QBot’s operators has been the hijacking of email threads, a technique that has been used in multiple waves of attacks and which remains successful even today.