Thousands of machines have been infected with Qbot malware

Qbot, also known as Qakbot or Quakbot, has been around since 2009. Multiple layers of obfuscation and ongoing improvements have allowed it to remain a persistent threat.

Qbot is malware that can monitor the browser activity of the affected system and records all data related to financial websites.

Qbot also steals additional valuable information from the infected system, such as:
– Account name and password
– Country and City
– Internet Explorer password-protected sites
– IE user names and passwords
– IP address
– OS (Operating System)
– Outlook username and password
– Certificates
– Cookies
– Public Storage – SMTP, POP3, LDAP
– Browsing activities
– System information

Depending on the variant, the malware regularly downloads its components and updates from the Internet. It can also download other malware when instructed by its server.

The unusual thing about the newly identified Qbot outbreak is how the malware managed to infect such a large number of systems in a short period. Most probably, an updated exploit kit helped with the distribution.

The main functionality of Qbot malware has stayed fairly consistent over the years, and the polymorphic nature of the threat has helped it avoid detection. Focusing on this aspect allowed security researchers to discover how often the executable code is modified.
