New Qakbot campaign with PDF files  [24.04.23]

General information about Qakbot
Qakbot is a modular malware that can be used for different purposes. Attackers spread Qakbot via email to gain initial access to an organization's network. network. Once this has been achieved, further malware is subsequently installed (e.g. Ransomware). Qakbot has been around since 2007 and has been constantly evolving ever since. This constant evolution is what makes Qakbot so dangerous, because countermeasures have to be adapted again and again.

New approach with PDF files as mail attachments
This April, security researchers became aware of a new Qakbot variant. In this case, PDF files are PDF files are sent via e-mail in phishing campaigns. When the recipient tries to open the PDF attachment attachment, the PDF file does not open. Instead, a ZIP file is downloaded to the device. downloaded to the device. When the user opens this ZIP file, the WSF file contained in it (Windows Script File) is executed unnoticed and the device becomes infected. As the infection progresses, additional malware is further malware is downloaded unnoticed.

Please note the following measures

1. Be careful when you receive an e-mail with a PDF attachment, even if the sender seems to be known. If in doubt, call the sender at the number you know and have the authenticity of the mail and the harmlessness of the attachment confirmed by phone.
2. If a PDF file you wanted to open does not open, but a ZIP file is downloaded instead, please inform the Information Security Department .
   Important: Do not open the downloaded ZIP file.

If you have any questions, please contact the Information Security Department.

Back to All news