New Analysis - Qakbot Abusing OneNote for Malware Distribution


Qakbot, Qbot, Pinkslipbot, and QuakBot are all names for the same complex malware. Researchers have noticed Qakbot operations leveraging OneNote papers for spreading distribution. It has been operational for well over a decade. This adds Qbot to the list of malware that uses this technique of distribution.

The campaigns alternate between two attack vectors: an email attachment containing a malicious file and a URL that can be used to download it. A call-to-action button is present in the OneNote documents, and clicking it launches the payload.

Read More…