A new malspam campaign pushes Emotet banking malware along with Qakbot as the follow-up malware.
The Emotet is a banking trojan that has the capabilities to steal personal information such as the username and the passwords.
Security researcher Brad Duncan tracked the malspam campaign that pushes Emotet malware and Qakbot as the follow-up malware.
Emotet banking malware is continually spreading since 2017 and it is one of the costly banking trojans and currently it spreading via large spam campaign.
The infection starts with invoice Email, that urges the users to clear the outstanding due, the email contains a link, and it asks users to click on the link to complete the payment.
An attached link points to an XML document when the user clicks on the link it downloads an XML document with the .doc extension, if the victim has MSOffice then it open’s in the Microsoft Word by default.
“The downloaded XML document has macros that, if enabled, will infect the vulnerable Windows host with Emotet,” SANS said via blog post.
Emotet is an advanced modular banking Trojan, it acts as dropper as well as the downloader, once it infects the victim’s machine it intercepts the logs, and save outgoing network traffic via a web browser leading to sensitive data being compiled to access the victim’s bank accounts.
After the initial infection, the Emotet downloads the Qakbot malware and installs to the victim machine. Both the malware remains persistent through the registry.
when Qakbot executed, it copied itself to another directory and replaced the original file with a re-named calc.exe.
The Qakbot malware is capable of monitoring the browsing activities of the infected computer and logs all information related to finance-related websites.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
Read:
US-CERT Alerts Powerful Emotet Banking Malware Attack on Government, Private and Public Sectors
A Scary Evolution & Alliance of TrickBot, Emotet and Ryuk Ransomware Attack
GitLab has urgently released security updates to address multiple high-severity vulnerabilities in its platform that…
A high-severity security vulnerability (CVE-2025-0514) in LibreOffice, the widely used open-source office suite, has been…
Cisco Systems has disclosed a high-severity vulnerability (CVE-2025-20111) in its Nexus 3000 and 9000 Series…
A sophisticated cyber campaign orchestrated by the Chinese Advanced Persistent Threat (APT) group, Silver Fox,…
A new wave of cyberattacks attributed to the Ghostwriter Advanced Persistent Threat (APT) group has…
The LCRYX ransomware, a malicious VBScript-based threat, has re-emerged in February 2025 after its initial…