{"id":30414,"date":"2022-04-20T05:03:32","date_gmt":"2022-04-19T18:03:32","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/qbot-emotet-spam-mailing\/30414\/"},"modified":"2022-04-20T05:03:32","modified_gmt":"2022-04-19T18:03:32","slug":"qbot-emotet-spam-mailing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/qbot-emotet-spam-mailing\/30414\/","title":{"rendered":"Malware in e-mail on the rise"},"content":{"rendered":"<p>Our experts have detected significant growth in complex malicious spam e-mails targeting organizations in various countries. The number of these malicious e-mails grew from around 3000 in February 2022 to approximately 30,000 in March. So far, our technologies have detected malicious e-mails written in English, French, Hungarian, Italian, Norwegian, Polish, Russian, Slovenian and Spanish languages.<\/p>\n<h2>How cybercriminals infect victim\u2019s devices<\/h2>\n<p>Cybercriminals allegedly intercept active e-mail conversations on business matters and send the recipients an e-mail containing either a malicious file or a link in order to infect their devices with a banking trojan. Such scheme makes those messages harder to detect and increases the chances that recipient will fall for the trick.<\/p>\n<p>Some letters that cybercriminals send to the recipients contains a malicious attachment. In other cases, it has a link which leads to a file placed in a legitimate popular cloud-hosting service. Often, malware is contained in an encrypted archive, with the password mentioned in the e-mail body. To convince users to open attachment or download the file via the link, the attackers usually state that it contains some important information, such as a commercial offer.<\/p>\n<p>Our experts have concluded that these e-mails are being distributed as part of a coordinated campaign that aims to spread banking Trojans.<\/p>\n<h2>What kind of malware attackers are using and how dangerous are they?<\/h2>\n<p>In most cases when victims opens a malicious document, it downloads and launches the <a href=\"https:\/\/securelist.com\/qakbot-technical-analysis\/103931\/\" target=\"_blank\" rel=\"noopener\">Qbot<\/a> malware, but our experts has also observed that some of these documents download <a href=\"https:\/\/securelist.com\/emotet-modules-and-recent-attacks\/106290\/\" target=\"_blank\" rel=\"noopener\">Emotet<\/a> instead. Both malware strains are capable of stealing users\u2019 data, collecting data on an infected corporate network, spreading further in the network, and installing ransomware or other Trojans on other network devices. Qbot also can access and steal e-mails.<\/p>\n<h2>How to stay safe<\/h2>\n<p>In order to stay safe from attacks by Qbot and Emotet (or any other malware spreading via e-mail), we recommend the following:<\/p>\n<ul>\n<li>Installing a reliable <a href=\"https:\/\/www.kaspersky.com.au\/small-to-medium-business-security\/mail-security-appliance?icid=au_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">security solution on a mail gateway level<\/a> \u2014 it will automatically filter out spam and malicious messages before end-users even have a chance to make a mistake.<\/li>\n<li>Providing your staff with basic <a href=\"https:\/\/k-asap.com\/en\/?icid=au_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">cybersecurity hygiene training<\/a> \u2014 it can teach them to spot cybercriminal behavior (for example to know that password in the same e-mail with the encrypted archive can serve only one purpose \u2014 to deceive antimalware technologies).<\/li>\n<li>Conducting simulated attacks to ensure that your employees know how to distinguish phishing and malicious e-mails and genuine ones.<\/li>\n<li>Using a <a href=\"https:\/\/www.kaspersky.com.au\/small-to-medium-business-security?icid=au_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">security solution<\/a> on every endpoint that is connected to the Internet. In this case if your staff fall victim to an attack, it can prevent a file from opening or a malicious link from working.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial\">\n","protected":false},"excerpt":{"rendered":"<p>Malicious spam campaign targeting organizations grows 10-fold in a month, spreads Qbot and Emotet malware.<\/p>\n","protected":false},"author":2704,"featured_media":30415,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,2993,2646],"tags":[1815,36,240],"class_list":{"0":"post-30414","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-threats","10":"tag-e-mail","11":"tag-malware-2","12":"tag-spam"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/qbot-emotet-spam-mailing\/30414\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/qbot-emotet-spam-mailing\/24063\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/qbot-emotet-spam-mailing\/19549\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/qbot-emotet-spam-mailing\/26390\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/qbot-emotet-spam-mailing\/24337\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/qbot-emotet-spam-mailing\/27100\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/qbot-emotet-spam-mailing\/33112\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/qbot-emotet-spam-mailing\/10642\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/qbot-emotet-spam-mailing\/44144\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/qbot-emotet-spam-mailing\/18798\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/qbot-emotet-spam-mailing\/15935\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/qbot-emotet-spam-mailing\/28493\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/qbot-emotet-spam-mailing\/24964\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/qbot-emotet-spam-mailing\/30182\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/e-mail\/","name":"e-mail"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/30414","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/2704"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=30414"}],"version-history":[{"count":0,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/30414\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/30415"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=30414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=30414"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=30414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}