Cybercriminals recently seized the chance to target the millions of people following US presidential election coverage, running a malware campaign disguised as emails claiming to hold information about possible election interference.
Because the high volume of postal votes led to many delays in the release of official results, with possible legal challenges and recounts being demanded, traffic to related news reports has been very high. Spam campaigns exploiting this situation began circulating not long after polls closed. The emails carried the Qbot banking Trojan which, when opened by recipients, resulted in the hijacking of the email account. The email would then be sent on to more contacts.
In this campaign, the victim's mailbox is searched for emails containing the term “election” and a reply is sent to those emails. A zip file named “ElectionInterference” is attached to the reply, and the zip file contains a malicious spreadsheet. The messages encourage the recipient to open the attached spreadsheet to find important details about interference in the US election. As incumbent President Trump continues to claim that fraud occurred during the election count, these messages seem very credible to recipients. The spreadsheet is styled to resemble a legitimate DocuSign file, and the user is instructed to enable content to decode the file and see its contents. However, doing so allows macros to run, which quietly download the Qbot Trojan.
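A mail-filter check for the attachment pattern described above, as an added example that is not part of the original article: it flags spreadsheets delivered inside zip attachments and records whether the message is a reply. The function names, the sample file names, and the 20 MiB unpack cap are assumptions made for illustration.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from os.path import splitext

MACRO_CAPABLE = {".xls", ".xlsm", ".xlsb"}  # formats that can carry macros
SPREADSHEETS = MACRO_CAPABLE | {".xlsx"}
MAX_UNPACK = 20 << 20  # assumed size cap (20 MiB) for unpacking a zip member

def has_vba(data):  # does an OOXML workbook (itself a zip) hold a VBA project?
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as wb:
            return any(n.lower().endswith("vbaproject.bin") for n in wb.namelist())
    except zipfile.BadZipFile:
        return False

def inspect_message(raw):
    """Yield (zip name, member, macro_capable, is_reply) per spreadsheet in a zip."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    reply = bool(msg["In-Reply-To"]) or str(msg["Subject"] or "").lower().startswith("re:")
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if splitext(fname)[1].lower() != ".zip":
            continue
        try:
            archive = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True)))
        except zipfile.BadZipFile:
            continue
        for m in archive.infolist():
            e = splitext(m.filename)[1].lower()
            if e not in SPREADSHEETS:
                continue
            macro = e in MACRO_CAPABLE
            # An .xlsx should be macro-free; unpack it only if small and unencrypted.
            if not macro and not (m.flag_bits & 0x1) and m.file_size <= MAX_UNPACK:
                macro = has_vba(archive.read(m))
            yield (fname, m.filename, macro, reply)

def build_constructed_sample(member="ElectionInterference_sample.xls", data=b"x"):
    buf = io.BytesIO()  # constructed test message: a reply carrying one zip
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, data)
    msg = EmailMessage()
    msg["Subject"], msg["In-Reply-To"] = "Re: election", "<constructed@example.com>"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="ElectionInterference_sample.zip")
    return msg.as_bytes()
```

A gateway could quarantine any message for which `inspect_message` yields a tuple with `macro_capable` set, since legitimate replies rarely carry zipped macro-capable workbooks.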
The Qbot Trojan was created in 2008 but has had many updates over the years, including the addition of many new features to evade modern security solutions. These included the ability to hijack Outlook email threads, the same technique used by the Emotet Trojan to increase the chances of its malicious content being opened by recipients.
In addition to targeting vulnerable customers of large financial institutions, the Qbot Trojan aims to steal protected information such as credit card details and important passwords. Qbot is also a malware dropper, and its operators team up with other threat groups to mass-distribute malicious payloads, including ransomware.
These threat actors take advantage of any chance to infect devices with malware. A large number of COVID-19-themed lures and election-themed spam emails are likely to be shared as further legal action is expected in relation to the election results. Threat actors will also target Black Friday, Cyber Monday and many other holiday periods, using phishing lures to steal credentials and spread malware.
All businesses can defend against these phishing and malspam campaigns using a mix of spam filters, web filters, antivirus software and end-user training. For more information on protecting your business against email and web-based threats, contact TitanHQ now.