{
	"id": "bbc98b43-bc04-4cbd-971c-d11e4455e94b",
	"created_at": "2026-04-06T00:13:42.904261Z",
	"updated_at": "2026-04-10T13:12:22.314772Z",
	"deleted_at": null,
	"sha1_hash": "c3afaa6d8fadddf94a420e66a1d2048d19d5512b",
	"title": "Cybersecurity Threat Advisory: New QBot malware delivering campaigns discovered",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 150130,
	"plain_text": "Cybersecurity Threat Advisory: New QBot malware delivering\r\ncampaigns discovered\r\nBy Barracuda Networks\r\nPublished: 2023-04-25 · Archived: 2026-04-05 17:18:24 UTC\r\nNote: This article was originally published on SmarterMSP\r\nA new QBot malware campaign has been discovered. Using hijacked business emails, bad actors are distributing\r\nPDF and WSF file formats in reply-chain phishing emails to distribute malware. The campaign is designed to steal\r\nsensitive data from the target system, including login credentials and financial information.\r\nAssociated Indicators of Compromise (IOCs) have been added to Barracuda XDR threat intelligence and our SOC\r\nis actively monitoring this threat.\r\nWhat is the threat?\r\nThe QBot (aka Qakbot), a former banking Trojan turned malware, has been active since 2008. It has evolved to\r\ninclude sophisticated capabilities that enable it to bypass security measures and remain undetected. This malware\r\nis typically distributed through phishing emails that contain malicious attachments or links to infected websites.\r\nOnce the malware is installed, it can capture keystrokes, steal sensitive data, and even manipulate online banking\r\nsessions to steal funds.\r\nWhy is it noteworthy?\r\nThe QBot malware is a persistent threat that has been linked to multiple high-profile data breaches and financial\r\nlosses over the years. The latest campaign is noteworthy because it uses a combination of file formats in email\r\nattachments to evade detection by security software. Similar to the QBot campaign that utilized OneNote\r\nPackages, the current campaign uses PDF and WSF (Windows Script) files to deliver the malware. This technique\r\nmakes it more difficult for organizations to detect and block the malware.\r\nAdditionally, the malware is currently being distributed through reply-chain phishing emails. Threat actors use\r\nstolen email exchanges and reply to them with malicious links/attachments. 
This is very dangerous, as the email\r\nthreads are legitimate, and users may not realize the threat until it is too late.\r\nWhat is the exposure or risk?\r\nOrganizations that fall victim to the campaign are at risk of losing sensitive data and funds, which can have\r\nsignificant financial and reputational consequences. The malware can also spread to other systems within the\r\norganization, causing further damage and disruption. Additionally, the use of sophisticated techniques to distribute\r\nthe malware means that it may be more difficult for organizations to detect and respond to the threat in a timely\r\nmanner.\r\nWhat are the recommendations?\r\nBarracuda SOC highly recommends implementing a multi-layered security approach to prevent and protect\r\nagainst these malware and phishing campaigns.\r\nProtect user mailboxes by using an email security solution, such as Barracuda’s Email Gateway Defense.\r\nUtilize Barracuda XDR network security to monitor for malicious traffic.\r\nUse a next-gen endpoint protection solution, such as Sentinel One. Next-gen protection includes behavioral\r\nanalysis and does not rely solely on signature-based detection. Recent malware campaigns are highly\r\neffective at evading detection by traditional anti-virus/security solutions.\r\nEmployees should be trained on how to recognize and report suspicious emails and attachments. Time and\r\ntime again, humans are the weakest link in security.\r\nMake sure your entire organization is protected with multi-factor authentication (MFA).\r\nKeep all systems up to date. Unpatched or outdated systems offer an easy entry point for hackers.\r\nImplement a response plan that includes regular backups, incident response procedures, and\r\ncommunication plans to minimize the impact of a successful attack.\r\nLeverage the protection of the Barracuda XDR platform. 
Our 24x7x365 Security Operations Center\r\nmonitors your environment around the clock to ensure your protection.\r\nWalker is a Cybersecurity Analyst at Barracuda MSP. He's a security expert working on our Blue Team within our\r\nSecurity Operations Center. Walker supports our XDR service delivery and is highly skilled at analyzing security\r\nevents to detect cyber threats, helping keep our partners and their customers protected.  \r\nSource: https://blog.barracuda.com/2023/04/25/cybersecurity-threat-advisory--new-qbot-malware-delivering-campa/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://blog.barracuda.com/2023/04/25/cybersecurity-threat-advisory--new-qbot-malware-delivering-campa/"
	],
	"report_names": [
		"cybersecurity-threat-advisory--new-qbot-malware-delivering-campa"
	],
	"threat_actors": [],
	"ts_created_at": 1775434422,
	"ts_updated_at": 1775826742,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c3afaa6d8fadddf94a420e66a1d2048d19d5512b.pdf",
		"text": "https://archive.orkl.eu/c3afaa6d8fadddf94a420e66a1d2048d19d5512b.txt",
		"img": "https://archive.orkl.eu/c3afaa6d8fadddf94a420e66a1d2048d19d5512b.jpg"
	}
}