Caution is required as cases of distributing malicious code by deceiving the original email as if it was a reply or forwarded email.
According to AhnLab on the 16th, Qakbot, a malicious code, is being distributed to domestic users through ’email hijacking’.
Cockbot is a Windows malware that provides remote access to attackers to steal bank credentials, Windows domain credentials, and install ransomware.
The method of distributing the cockbot discovered this time is to intercept normal emails that have been received, attach malicious PDF files to the body, and then reply or deliver them to users. The target of the attack is the recipient and referrer of the original email.
The body content of the reply or forwarded email is not related to the content of the previous email, but the recipient is encouraged to open the attached PDF file.
In the PDF file, there is a phrase that induces the user to click the ‘Open’ button along with the Microsoft Azure logo, which leads to a malicious URL.
AhnLab explained, “The time the original email came and went varies greatly from 2018 to 2022,” but explained that it was confirmed that the original email was not sent this year.
“A number of malicious e-mails are being distributed in a form similar to this case, so you should not read e-mails from unknown sources as much as possible.”
Industry Team [email protected]
<저작권자 © 전파신문, 무단 전재 및 재배포 금지>