Qbot malware has been on the prowl since 2008 and is being continually upgraded with new features. It now uses sophisticated techniques for stealing credentials and installing ransomware payloads. With a myriad of weapons in its repository, it is the malware equivalent to a Swiss army knife.
What’s going on?
Several campaigns have been found by Check Point researchers, between March and August, in which Emotet trojan distributed the Qbot trojan. Five percent of organizations globally were affected by these campaigns.
- Active malspam campaigns have been spotted directly distributing the malware.
- The malware is further distributed via third-party infrastructures.
- The most commonly targeted organizations include ones in the military, government, and manufacturing sectors.
- Emotet has been found using malicious email attachments pretending to be from the Windows 10 Mobile OS. After installation, the trojan steals the victim’s email to install malware, such as Qbot and TrickBot.
- The malware was spotted stealing reply-chain emails for future malspam campaigns. Qbot attempts to steal victims’ cookies, passwords, emails, credit card details, and online banking data.
- Qbot was revamped in June and was found stealing financial data from U.S. banks and financial institutions.
What is this malware capable of?
- Theft of user information, such as emails and passwords, from infected machines.
- Installing other malware payloads on target machines, including ransomware.
- Performing banking transactions from the victim’s IP address by allowing the bot controller to connect to the victim’s computer.
- Hijacking legitimate email threads from victims’ Outlook clients and leveraging those threads in attempts to infect other devices.
The bottom line
Cybercriminals are always on the lookout for updating existing malware strains with new capabilities to cause maximum damage. Qbot’s extensive development to enable data theft on an enormous scale is a living proof of that. Currently, Qbot is significantly more dangerous than its previous versions. Thus, organizations are recommended to implement adequate defense measures.