Be On The Lookout…Qakbot Malware Hiding In Email Threads

Published: June 03, 2022 on our newsletter Security Fraud News & Alerts Newsletter.



Some might recall Qbot banking malware sent chills down the backs of financial and banking institutions everywhere. Well, Qbot has since received a malicious face lift and now goes by the name Qakbot. Cyberthreat groups have been gravitating to Qakbot for its new abilities, primarily for inserting its malware into email threads or conversations, adding up to paydays too big to resist.


It’s not unusual to see email threads in a work setting, with many employees involved in the same topic sending “reply all” emails with good intent. But not so fast. Qakbot is infiltrating these email threads with ease, also sending their own infected “reply all” emails that can often bypass security as being part of the group email conversation.


Qakbot’s dangerous plan is working since those involved in email threads, especially those threads with a long list of recipients, often read and react to the emails quickly. It’s a prime scenario for cybercriminals to slip-in their own email, often with malicious .zip attachments carrying Qakbot. The email text is short, generic and avoids scrutiny by the recipients. All it takes is basic text like “Here is the document for review” for at least one recipient to open the attachment and unknowingly set Qakbot loose on their device.



The above email is an example of a Qakbot phishing email. The cybercriminal simply injected themselves in an ongoing coversation. In this case, they used a malicious link, but it could have been an attachement. Once the link is clicked, a malicious Excel file is open, shown below.



Building on Qbot’s abilities, Qakbot goes about stealing your PII, like login credentials for financial accounts. Taking time to read the email threads, Qakbot hackers also learn about payment procedures, deals in progress and how the business operates. These bad actors know their investment in time is highly rewarded by their payout.


Avoid Getting Qakked


Thanks to Qakbot, there’s good reason to question a sender in an email thread may not be legitimate. But spotting that sender in a fast and furious thread can be difficult. Fortunately, there are safety tips for all users to navigate emails and their threads more safely.


  • Use MFA (multi-factor authentication) in addition to strong passwords. Even if a password is compromised, MFA adds an extra security barrier preventing a hacker from logging into that account

  • If a password is even suspected of being stolen, change it immediately

  • Never open email attachments or click links from senders you don’t know or trust

  • Some apps let a user know if documents could have dangerous content, so pay attention and take the warning seriously

  • Educate staff to spot and report phishing emails. Employees are often the first line of defense against email phishing, and a staff that knows what to look for can be invaluable


Keep up to date: Sign up for our Fraud alerts and Updates newsletter Want to schedule a conversation? Please email us at advisor@nadicent.com

3 views0 comments