Malware in e-mail on the rise

Malicious spam campaign targeting organizations grows 10-fold in a month, spreads Qbot and Emotet malware.


Our experts have detected significant growth in complex malicious spam e-mails targeting organizations in various countries. The number of these malicious e-mails grew from around 3000 in February 2022 to approximately 30,000 in March. So far, our technologies have detected malicious e-mails written in English, French, Hungarian, Italian, Norwegian, Polish, Russian, Slovenian and Spanish languages.

How cybercriminals infect victim’s devices

Cybercriminals allegedly intercept active e-mail conversations on business matters and send the recipients an e-mail containing either a malicious file or a link in order to infect their devices with a banking trojan. Such scheme makes those messages harder to detect and increases the chances that recipient will fall for the trick.

Some letters that cybercriminals send to the recipients contains a malicious attachment. In other cases, it has a link which leads to a file placed in a legitimate popular cloud-hosting service. Often, malware is contained in an encrypted archive, with the password mentioned in the e-mail body. To convince users to open attachment or download the file via the link, the attackers usually state that it contains some important information, such as a commercial offer.

Our experts have concluded that these e-mails are being distributed as part of a coordinated campaign that aims to spread banking Trojans.

What kind of malware attackers are using and how dangerous are they?

In most cases when victims opens a malicious document, it downloads and launches the Qbot malware, but our experts has also observed that some of these documents download Emotet instead. Both malware strains are capable of stealing users’ data, collecting data on an infected corporate network, spreading further in the network, and installing ransomware or other Trojans on other network devices. Qbot also can access and steal e-mails.

How to stay safe

In order to stay safe from attacks by Qbot and Emotet (or any other malware spreading via e-mail), we recommend the following:

  • Installing a reliable security solution on a mail gateway level — it will automatically filter out spam and malicious messages before end-users even have a chance to make a mistake.
  • Providing your staff with basic cybersecurity hygiene training — it can teach them to spot cybercriminal behavior (for example to know that password in the same e-mail with the encrypted archive can serve only one purpose — to deceive antimalware technologies).
  • Conducting simulated attacks to ensure that your employees know how to distinguish phishing and malicious e-mails and genuine ones.
  • Using a security solution on every endpoint that is connected to the Internet. In this case if your staff fall victim to an attack, it can prevent a file from opening or a malicious link from working.