Qbot, also known as QakBot, QuakBot, or Pinkslipbot, was first profiled in 2008, but has since evolved from an information stealer into a kind of "Swiss Army knife" for delivering different variants of malware, including the notorious Prolock ransomware.
The malware can even remotely control a target's system to carry out nefarious banking transactions using the victim's IP address, and can also use a 'third-party' infection infrastructure like Emotet's to further.
The notorious banking Trojan is famous for stealing bank credentials and other confidential financial information, and now comes with new tricks to target government institutions and manufacturing sectors in Europe and the US.
How Qbot Banking Malware Targets Its Victims
Qbot mainly focused on banks in the United States, with a dedicated campaign to hijack users' browsers or redirect them. As it attacks, it watches the victim's web traffic, looking for specific financial services from which to harvest credentials.
According to Check Point research, Qbot's latest wave of activity appears to have been curtailed with the re-emergence of Emotet, another notorious phishing-based malware that carried out several botnet-driven ransomware attacks and spam campaigns just last month, and that is capable of secretly gathering email threads from a victim and using them for malspam campaigns.
The earlier campaign shows about 36 U.S. financial institutions targeted, along with some banks in Canada and the Netherlands; the rest of the target list contains generic URLs that may be part of a second stage in the fraud transactions.
Formerly, Qbot used worm-like self-replication techniques to duplicate itself on shared drives or removable media. The malware remains Windows-based, with the latest variant adding new detection and evasion techniques.
How to Secure Your System against Malware Attacks
Qbot, like other similar malware, has largely retained the same functionality. Targets may change and features may be added, but it is still primarily based on keylogging and extracting personal data from victims.
Therefore, it is recommended that online users apply critical patches for known vulnerabilities as soon as they are available, especially against weaponized exploits that target Internet tools such as mail clients and browsers. Antivirus software also remains a powerful tool for detecting and thwarting malware infections.
Most importantly, organizations and businesses should provide security awareness training for employees, and make it easy for employees to report suspicious or malicious behavior.