QBot Trojan Comes Back With New Nasty Tricks – Active Campaigns Detected

The old banking trojan QBot has surfaced online once again as researchers discovered its new variant active in the wild. The malware now employs new tricks to steal users’ money.

New QBot Trojan Variant Found

Researchers from Check Point Research have recently shared details about a new variant of the long-known QBot trojan.

This trojan first drew attention in 2008. Since then, it has evolved into a potent banking trojan with data-stealing capabilities. The malware also goes by other names: Qakbot and Pinkslipbot.

The researchers observed the new variant being dropped by the latest Emotet campaigns. This variant comes with new C&C and malicious features.

One such feature is the extraction of emails. The new QBot activates an email collector that extracts email threads from Microsoft Outlook. It then transmits all the stolen emails to a hardcoded server. These emails may be exploited in future malspam campaigns, since the spam messages would appear to continue a once-legitimate email thread. This makes it easier for the attackers to run successful phishing attacks.

The new variant also has anti-VM and anti-debug capabilities, and it achieves persistence on infected systems via the task scheduler and registry values.

Detailed technical analysis of the malware and the infection chain is available in the researchers’ post.

Active Campaigns Observed This Year

Check Point Research observed multiple campaigns of QBot this year. At first, they noticed malicious campaigns in March and June.

After that, the malware returned with advanced capabilities as part of Emotet campaigns in July. This time, the campaign targeted “5% of organizations globally”.

Then, the new variant of QBot emerged in the latest campaigns that resumed in August 2020. The researchers observed around 20% of the attacks aimed at the United States. The targeted industries included the government, military, and manufacturing sectors.

Considering the growing maliciousness of the malware, all organizations around the world need to strengthen their security measures to prevent any mishaps.
