{"id":45212,"date":"2022-02-09T12:01:11","date_gmt":"2022-02-09T12:01:11","guid":{"rendered":"http:\/\/2dc6d859-ee5b-48cf-916e-4d837a8fa6e5"},"modified":"2022-02-09T12:01:11","modified_gmt":"2022-02-09T12:01:11","slug":"this-malware-is-reading-your-email-30-minutes-after-the-first-infection","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/","title":{"rendered":"This malware is reading your email 30 minutes after the first infection"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/2a759937b32599cabbaed3a0f19af1b99d7cfaf8\/2021\/06\/28\/20a585a6-81ff-4046-bba5-b4f43a73ca87\/aws-bugfest-competition-to-find-and-fix-amazon-bugs.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" class=\"ff-og-image-inserted\"><\/div>\n<p>Qbot, otherwise known as Qakbot or QuakBot, is an old software threat to Windows users that pre-dates the first iPhone, but it&#8217;s still being improved for nefarious efficiency. &nbsp;<\/p>\n<p>The malware emerged in 2007, making it almost an antique in the new service-led ransomware world, but the malware is still nimble and efficient, <a href=\"https:\/\/thedfirreport.com\/2022\/02\/07\/qbot-likes-to-move-it-move-it\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">according to cybersecurity outfit DFIR&#8217;s analysis of a sample its researchers found in October<\/a>.&nbsp;<\/p>\n<div class=\"relatedContent alignRight\">\n<h3 class=\"heading\"> <span class=\"int\">ZDNet Recommends<\/span> <\/h3>\n<\/p><\/div>\n<p>Qbot is known for <a href=\"https:\/\/www.zdnet.com\/article\/your-email-threads-are-now-being-hijacked-by-qbot-trojan\/\">reaching Windows PCs via phishing emails<\/a>&nbsp;and exploiting bugs in key apps like Microsoft&#8217;s email client, Outlook. The malware recently gained a module that reads email threads to improve the message&#8217;s apparent legitimacy to victims.&nbsp;<\/p>\n<p><strong>SEE: <\/strong><a href=\"https:\/\/www.zdnet.com\/topic\/cybersecurity-lets-get-tactical\/#link=%7B%22linkText%22:%22Cybersecurity:%20Let's%20get%20tactical%20(ZDNet%20special%20report)%22,%22target%22:%22_blank%22,%22href%22:%22https:\/\/www.zdnet.com\/topic\/cybersecurity-lets-get-tactical\/%22,%22role%22:%22standard%22,%22absolute%22:%22%22%7D%23link=%7B%22role%22:%22standard%22,%22href%22:%22https:\/\/www.zdnet.com\/topic\/cybersecurity-lets-get-tactical\/%23link=%7B%22linkText%22:%22Cybersecurity:%20Let's%20get%20tactical%20(ZDNet%20special%20report)%22,%22target%22:%22_blank%22,%22href%22:%22https:\/\/www.zdnet.com\/topic\/cybersecurity-lets-get-tactical\/%22,%22role%22:%22standard%22,%22absolute%22:%22%22%7D%22,%22target%22:%22%22,%22absolute%22:%22%22,%22linkText%22:%22%3Cstrong%3ECybersecurity:%20Let's%20get%20tactical%20(ZDNet%20special%20report%3C\/strong%3E%22%7D\"><strong>Cybersecurity: Let&#8217;s get tactical<\/strong><\/a><strong> (ZDNet special report)<\/strong><\/p>\n<p>The malware&#8217;s operators rely on clickable phishing messages, including tax payment reminders, job offers, and COVID-19 alerts. It can steal data from Chrome, Edge, email, and online bank passwords.&nbsp;<\/p>\n<p>DFIR researchers looked at a case where initial access wasn&#8217;t known but was likely delivered via a tainted Microsoft Excel document that was configured to download malware from a web page and then used a Windows schedule task to get higher level access to the system.&nbsp;<\/p>\n<p>Qbot&#8217;s authors have learned to live off the land by utilizing legitimate Microsoft tools. In this case, it used these tools to raid an entire network within 30 minutes of the victim clicking on a link in the Excel sheet.&nbsp;<\/p>\n<section class=\"sharethrough-top placeholder\"> <\/section>\n<p>&#8220;Thirty minutes after initial access, Qbot was observed collecting data from the beachhead host including browser data and emails from Outlook. At around 50 minutes into the infection, the beachhead host copied a Qbot dll to an adjacent workstation, which was then executed by remotely creating a service. Minutes later, the beachhead host did the same thing to another adjacent workstation and then another, and before we knew it, all workstations in the environment were compromised.&#8221;&nbsp;<\/p>\n<p>The attack affected PCs on the network but not servers, according to DFIR.<\/p>\n<p>Qbot&#8217;s operators have branched out to ransomware. Security firm Kaspersky <a href=\"https:\/\/www.zdnet.com\/article\/this-decade-old-malware-has-picked-up-some-nasty-new-tricks\/\">reported that Qbot malware had infected 65% more PCs<\/a> in the six months to July 2021 compared to last year. Microsoft spotlighted the malware for its modular design that makes it difficult to detect.&nbsp;<\/p>\n<p>The malware hides malicious processes and creates scheduled tasks to persist on a machine. Once running on an infected device, it uses multiple techniques for lateral movement.<\/p>\n<p>The FBI has <a href=\"https:\/\/www.zdnet.com\/article\/fbi-prolock-ransomware-gains-access-to-victim-networks-via-qakbot-infections\/\">warned that Qbot trojans<\/a> are used to distribute ProLock, a &#8220;human-operated ransomware&#8221;.&nbsp;<\/p>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Qbot is old malware but it&#8217;s operators appreciate efficiency.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-45212","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>This malware is reading your email 30 minutes after the first infection 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"This malware is reading your email 30 minutes after the first infection 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-09T12:01:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/2a759937b32599cabbaed3a0f19af1b99d7cfaf8\/2021\/06\/28\/20a585a6-81ff-4046-bba5-b4f43a73ca87\/aws-bugfest-competition-to-find-and-fix-amazon-bugs.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"This malware is reading your email 30 minutes after the first infection\",\"datePublished\":\"2022-02-09T12:01:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\\\/\"},\"wordCount\":433,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/2a759937b32599cabbaed3a0f19af1b99d7cfaf8\\\/2021\\\/06\\\/28\\\/20a585a6-81ff-4046-bba5-b4f43a73ca87\\\/aws-bugfest-competition-to-find-and-fix-amazon-bugs.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\\\/\",\"name\":\"This malware is reading your email 30 minutes after the first infection 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/2a759937b32599cabbaed3a0f19af1b99d7cfaf8\\\/2021\\\/06\\\/28\\\/20a585a6-81ff-4046-bba5-b4f43a73ca87\\\/aws-bugfest-competition-to-find-and-fix-amazon-bugs.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"datePublished\":\"2022-02-09T12:01:11+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/2a759937b32599cabbaed3a0f19af1b99d7cfaf8\\\/2021\\\/06\\\/28\\\/20a585a6-81ff-4046-bba5-b4f43a73ca87\\\/aws-bugfest-competition-to-find-and-fix-amazon-bugs.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/2a759937b32599cabbaed3a0f19af1b99d7cfaf8\\\/2021\\\/06\\\/28\\\/20a585a6-81ff-4046-bba5-b4f43a73ca87\\\/aws-bugfest-competition-to-find-and-fix-amazon-bugs.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"This malware is reading your email 30 minutes after the first infection\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"This malware is reading your email 30 minutes after the first infection 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/","og_locale":"en_US","og_type":"article","og_title":"This malware is reading your email 30 minutes after the first infection 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-02-09T12:01:11+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/2a759937b32599cabbaed3a0f19af1b99d7cfaf8\/2021\/06\/28\/20a585a6-81ff-4046-bba5-b4f43a73ca87\/aws-bugfest-competition-to-find-and-fix-amazon-bugs.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"This malware is reading your email 30 minutes after the first infection","datePublished":"2022-02-09T12:01:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/"},"wordCount":433,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/2a759937b32599cabbaed3a0f19af1b99d7cfaf8\/2021\/06\/28\/20a585a6-81ff-4046-bba5-b4f43a73ca87\/aws-bugfest-competition-to-find-and-fix-amazon-bugs.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/","url":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/","name":"This malware is reading your email 30 minutes after the first infection 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/2a759937b32599cabbaed3a0f19af1b99d7cfaf8\/2021\/06\/28\/20a585a6-81ff-4046-bba5-b4f43a73ca87\/aws-bugfest-competition-to-find-and-fix-amazon-bugs.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","datePublished":"2022-02-09T12:01:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/2a759937b32599cabbaed3a0f19af1b99d7cfaf8\/2021\/06\/28\/20a585a6-81ff-4046-bba5-b4f43a73ca87\/aws-bugfest-competition-to-find-and-fix-amazon-bugs.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/2a759937b32599cabbaed3a0f19af1b99d7cfaf8\/2021\/06\/28\/20a585a6-81ff-4046-bba5-b4f43a73ca87\/aws-bugfest-competition-to-find-and-fix-amazon-bugs.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/this-malware-is-reading-your-email-30-minutes-after-the-first-infection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"This malware is reading your email 30 minutes after the first infection"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45212"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45212\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45212"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}