QBot Uses Fake Windows Defender Antivirus Phishing Bait To Infect PCs

The Qbot botnet has evolved with a new distribution tactic that leverages fake Windows Defender Antivirus phishing emails to trick users into enabling macros in Excel files.

Not long ago, Qbot appeared with new evasion tactics and was programmed to steal credentials for U.S. banks and the other online financial services they offer.

About Qbot

Qbot is a banking Trojan that was first discovered in 2008. Since then, it has made headlines with new invasive tactics to infect users.

The attackers behind it use it to carry out various nefarious tasks:

  • steal banking credentials,
  • extract various system-related information,
  • give hackers remote access to execute malicious tasks, and
  • even install other destructive threats like ransomware.

Distribution Tactics

The primary distribution method of Qbot is phishing campaigns that trick users into opening an email that contains an attachment or an infected link. The email may appear to be an invoice, a fax, shipment details, a job offer, a message from the banking sector or similar.

The emails contain an infected attachment such as an Excel file, a document or a zipped file. The malware uses templates that appear to come from a reputable company or organization. When the user opens the attachment, it asks them to click on the ‘Enable Content’ pop-up that appears at the top.

If the user does so, the macros run and initiate the installation of the Qbot malware on that device.
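A mail filter or triage script can flag such attachments before the user ever reaches the ‘Enable Content’ prompt. The following is an added example, not code from the original article: it walks the attachments of a raw email, looks inside zipped files, and reports Office documents that carry a VBA macro project. The function names, the file names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc container

def classify(name, data, depth=0):
    """Return (name, finding) pairs for one attachment payload."""
    if data.startswith(OLE2_MAGIC):
        return [(name, "legacy OLE2 Office file, may contain macros")]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = zf.namelist()
        if "[Content_Types].xml" in members:      # OOXML (.xlsx/.xlsm/.docm)
            if any(m.lower().endswith("vbaproject.bin") for m in members):
                findings.append((name, "OOXML document with VBA macro project"))
        elif depth < 2:                           # plain zip: bounded recursion
            for m in members:
                if zf.getinfo(m).file_size <= 20 * 2**20:  # skip oversized members
                    findings += classify(f"{name}!{m}", zf.read(m), depth + 1)
    return findings

def scan_email(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        findings += classify(part.get_filename() or "unnamed", payload)
    return findings

def build_sample(with_macro=True):
    """Constructed sample: a workbook zipped inside an email attachment."""
    book = io.BytesIO()
    with zipfile.ZipFile(book, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        if with_macro:
            z.writestr("xl/vbaProject.bin", b"placeholder, not real VBA")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("alert.xlsm", book.getvalue())
    msg = EmailMessage()
    msg.set_content("Constructed test message.")
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip", filename="alert.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_email(build_sample()))
```

A hit means only that the attachment can run macros, not that it is Qbot; legacy OLE2 files are flagged for deeper analysis because this check does not parse their contents.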

QBot Now Uses Fake Windows Defender Antivirus Phishing To Infect PCs

Qbot uses a new phishing technique that pretends to be an alert from Windows Defender Antivirus. The phishing email contains an attachment.

The attackers claim that the document is encrypted and that, to decrypt it, users need to click on the ‘Enable Editing’ or ‘Enable Content’ pop-up at the top of it.

If users click on ‘Enable Content’, the macros start running, download and install Qbot, and may eventually also drop the Emotet malware on the target device.

Qbot is using a clever tactic by pretending to be an alert from Windows Defender Antivirus. An ordinary user may not be able to ignore this email and can therefore become a victim of Qbot or other destructive threats.

As mentioned above, Qbot is a banking trojan, so its primary goal is to steal banking-related data that can later be used for monetary fraud. In recent times, there has been a surge in the distribution of the threat. It is therefore very important not to fall into such traps and to avoid opening emails that appear suspicious to you.

What should you do to Stay Safe From Banking Trojans?

In the case of such attacks, if you are one of the victims, there are several steps that you can take to ensure your safety and security.

  • It is always better to change your passwords. Keep each password secure and make sure it does not contain any of your personal details, such as a date of birth or anniversary.
  • Enable two-factor authentication for your applications.
  • Make sure to install an antivirus/anti-spyware program. Prefer not to look for cheap alternatives.
  • Switch on email scanning in the antivirus or anti-spyware application. Also, install an antivirus on your smartphone.
  • If you get an email from your bank or an unknown mail ID, please do not click on any link. If it asks you to log in to your bank account and make some changes, prefer to use the bank’s website to log in.

It is very important to enable 2FA on your accounts and use strong passwords, but to keep the passwords secure you should also use a reputable password manager tool like Dashlane.