Current phishing wave (Qakbot)  [25.06.21]

Qakbot is a malware that connects to a hijacked mailbox, uses the mails and contacts it contains, and sends customized replies to the senders. The Qakbot malware is currently distributed exclusively via email. The appearance of the malicious emails looks authentic and professional.

Therefore, please be careful when you receive emails with a link to a file or an attached encrypted file.

In general, a check of the e-mails can be performed, for example, with the following "3-second security check":

• Is the sender's e-mail address known?
• Does the sender address differ from the display name?
• Does the subject make sense?
• Is an attachment expected from this email address at this time?
• Does the content relate to the email history?

Should an incident occur, please report it to itsec@uni-hohenheim.de. Potentially infected systems should be isolated from the network immediately to prevent further spread of the malware in the network by lateral movement. To do this, pull the network cable.

In this context, reference should be made to the awareness learning modules on IT security.

If you have any questions, please contact kim-it@uni-hohenheim.de.

Back to All news