Friday, May 9, 2025
HomeComputer SecurityHackers Launching Weaponized Word Document to Push Emotet & Qakbot Malware

Hackers Launching Weaponized Word Document to Push Emotet & Qakbot Malware

Published on

SIEM as a Service

Follow Us on Google News

A new malspam campaign pushes Emotet banking malware along with Qakbot as the follow-up malware.

The Emotet is a banking trojan that has the capabilities to steal personal information such as the username and the passwords.

Security researcher Brad Duncan tracked the malspam campaign that pushes Emotet malware and Qakbot as the follow-up malware.

- Advertisement - Google News

Emotet banking malware is continually spreading since 2017 and it is one of the costly banking trojans and currently it spreading via large spam campaign.

The infection starts with invoice Email, that urges the users to clear the outstanding due, the email contains a link, and it asks users to click on the link to complete the payment.

An attached link points to an XML document when the user clicks on the link it downloads an XML document with the .doc extension, if the victim has MSOffice then it open’s in the Microsoft Word by default.


Flow chart for recent Emotet malspam infections

“The downloaded XML document has macros that, if enabled, will infect the vulnerable Windows host with Emotet,” SANS said via blog post.

Emotet is an advanced modular banking Trojan, it acts as dropper as well as the downloader, once it infects the victim’s machine it intercepts the logs, and save outgoing network traffic via a web browser leading to sensitive data being compiled to access the victim’s bank accounts.

After the initial infection, the Emotet downloads the Qakbot malware and installs to the victim machine. Both the malware remains persistent through the registry.

when Qakbot executed, it copied itself to another directory and replaced the original file with a re-named calc.exe.

The Qakbot malware is capable of monitoring the browsing activities of the infected computer and logs all information related to finance-related websites.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Read:

US-CERT Alerts Powerful Emotet Banking Malware Attack on Government, Private and Public Sectors

A Scary Evolution & Alliance of TrickBot, Emotet and Ryuk Ransomware Attack

Beware !! Worlds Most Active Malware Emotet Launching New Campaign With Malicious Word and PDF Attachments

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Cyberattackers Targeting IT Help Desks for Initial Breach

Cybercriminals are increasingly impersonating IT support personnel and trusted authorities to manipulate victims into...

New Stealthy .NET Malware Hiding Malicious Payloads Within Bitmap Resources

Cybersecurity researchers at Palo Alto Networks' Unit 42 have uncovered a novel obfuscation method...

Hackers Weaponizing Facebook Ads to Deploy Multi-Stage Malware Attacks

A persistent and highly sophisticated malvertising campaign on Facebook has been uncovered by Bitdefender...

Threat Actors Target Job Seekers with Three New Unique Adversaries

Netcraft has uncovered a sharp rise in recruitment scams in 2024, driven by three...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

New Stealthy .NET Malware Hiding Malicious Payloads Within Bitmap Resources

Cybersecurity researchers at Palo Alto Networks' Unit 42 have uncovered a novel obfuscation method...

Hackers Weaponizing Facebook Ads to Deploy Multi-Stage Malware Attacks

A persistent and highly sophisticated malvertising campaign on Facebook has been uncovered by Bitdefender...

Scattered Spider Malware Targets Klaviyo, HubSpot, and Pure Storage Platforms

Silent Push researchers have identified that the notorious hacker collective Scattered Spider, also known...