US Election Interference Lure Used by QBot Banking Malware to Steal Your Data
As President-elect Joe Biden's victory in the 2020 US election is confirmed, users are urged to remain vigilant about cyber threats in which hackers pursue mass data collection by using the question of election interference as bait. A recent report by Malwarebytes Labs has uncovered a new data-theft campaign in which threat actors hijack existing email threads to spread attachments carrying the QBot banking trojan. These threads typically include a Microsoft Excel file disguised as a genuine election interference survey form, posing as a document verified through the DocuSign electronic signature standard. The document has a macro embedded within it, which users are urged to enable after downloading and opening the file.
Once the macro is enabled, the QBot trojan is downloaded and installed on the user's system. QBot then pings its remote command-and-control servers and awaits instructions. Having achieved remote code execution (RCE), the trojan monitors the compromised system, exfiltrates the data it finds and can steal sensitive information stored on the user's drive. Alongside harvesting the available data, QBot also actively monitors the victim's email account, grabbing other email threads and potentially sensitive data for use in future data theft and related hacking campaigns.
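A mail-triage check for the three traits described above (a reply-thread subject suggesting a hijacked conversation, DocuSign-themed lure text and an Excel attachment that carries a VBA project). This is an added example, not code from the Malwarebytes report; the message, the workbook contents and the example.com addresses are constructed stand-ins, and legacy OLE2 .xls files are out of scope.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
MACRO_CT = "application/vnd.ms-excel.sheet.macroEnabled.main+xml"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"

def workbook_has_vba(blob: bytes) -> bool:
    """True if an OOXML workbook (.xlsx/.xlsm zip container) carries a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            if "xl/vbaProject.bin" in z.namelist():  # the VBA project part itself
                return True
            ct = z.read("[Content_Types].xml").decode("utf-8", "replace") if "[Content_Types].xml" in z.namelist() else ""
            return MACRO_CT in ct  # declared macro-enabled even if the part is missing
    except zipfile.BadZipFile:
        return False  # legacy OLE2 .xls needs an OLE parser; out of scope here

def triage(raw: bytes) -> dict:
    """Score one RFC 822 message against the lure traits: hijacked thread, DocuSign text, macro workbook."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if msg.get("Subject", "").lower().startswith(("re:", "fw:", "fwd:")):
        reasons.append("reply-thread subject (possible hijacked thread)")
    text = " ".join(p.get_content() for p in msg.walk()
                    if p.get_content_maintype() == "text" and not p.is_attachment())
    if "docusign" in text.lower():
        reasons.append("DocuSign-themed lure text")
    macro = [a.get_filename() for a in msg.iter_attachments()
             if workbook_has_vba(a.get_payload(decode=True) or b"")]
    if macro:
        reasons.append(f"macro-enabled workbook attached: {macro}")
    verdict = "quarantine" if macro and len(reasons) > 1 else "review" if macro else "allow"
    return {"verdict": verdict, "reasons": reasons}

def build_sample_message(with_vba: bool) -> bytes:  # constructed stand-in, not a real sample
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", '<Types><Override PartName="/xl/workbook.xml" '
                   f'ContentType="{MACRO_CT if with_vba else PLAIN_CT}"/></Types>')
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            z.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA container")
    msg = EmailMessage()
    msg["Subject"] = "Re: election interference survey"
    msg["From"], msg["To"] = "colleague@example.com", "you@example.com"
    msg.set_content("Please complete the attached DocuSign survey form and enable editing.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12", filename="survey.xlsm")
    return msg.as_bytes()
```

Run `triage(build_sample_message(True))` to see the quarantine verdict with all three reasons; the same message without the VBA part is allowed because the thread and lure traits alone are common in legitimate mail.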
Such attacks are not uncommon — in fact, using notable world events to spread infected files is one of the most common techniques adopted by hackers around the world. One of the most notable instances is how the Covid-19 pandemic was used as bait by threat actors globally, who set up infected sites or spread emails with infected attachments built around numerous Covid-19 related topics. With the 2020 US election attracting considerable attention from all quarters, widespread malware campaigns such as the one noted here are most likely one of many such attempts to steal users' data.