Nasty Email Hacks Can Steal Your Personal Data — What to Do

Israeli security firm Check Point reports that a particularly persistent type of malware has reared its head again, this time with a new trick.

Qbot, also known as Qakbot or Pinkslipbot, first appeared as a banking Trojan around 2008. But in the world of malware, successful malware does not die; it evolves. According to Check Point, Qbot is now partnering with Emotet, a younger but similarly notorious piece of malware, to send phishing emails, steal passwords and credit card numbers, install ransomware, and even insert fake emails into ongoing email conversations, among other activities.

Yaniv Balmuth, head of cyber research at Check Point, said in a press statement, "The threat parties behind Qbot have invested heavily in its development to enable large-scale data theft from organizations and individuals."

"For now," Balmuth added, "we strongly recommend that you watch carefully for emails that show signs of phishing, even if they are from a trusted source."

Another way to avoid infection by Qbot is to run the best antivirus software. A good antivirus scanner will detect and stop malware, and some Qbot variants also check for the presence of antivirus software on the computer and stop their activity if it is detected.

To be fair, this is not the first time Qbot has snuck phishing emails into ongoing threads or been packaged as an Emotet payload; our friends at Bleeping Computer reported Qbot doing both of these in April 2019, based on a report from a security firm that is no longer available online.

Then, as now, the infection takes the form of a spear-phishing email tailored to the recipient. The body of the email contains links to documents that the recipient "needs to see," posing as resumes, business documents, tax forms, or in a recent campaign, information about COVID-19.

Clicking on that link downloads a .ZIP file, which, if you are running Windows, launches a Visual Basic script and downloads more malware. The malware checks to see if you are running Microsoft Outlook. If so, it uploads many of your email threads to the criminals' servers, where they are hijacked to carry even more phishing emails. According to Check Point, the malware can hijack your online banking session while you are logged in. The company estimates that about 100,000 machines have been infected since March, with the most infections occurring in the United States.

Other variants of Qbot can hide in booby-trapped Word documents, tamper with WordPress blogs to infect readers, embed themselves in the Windows registry to run at system startup, hijack Windows' own File Manager application, or lock users out of their accounts.

Some variants change their code three or four times a day to avoid easy detection by antivirus software. For these reasons, the Check Point report states that Qbot "has become the malware equivalent of a Swiss army knife."
