Trojan ngân hàng QakBot bị tấn công 17,000 người dùng trên toàn thế giới
phòng thí nghiệm kaspersky has detected a surge in infections with a new version of the QakBot banking Trojan. Hơn 17,000 users around the world have been attacked by a banker since early 2021, and more than half of them are from Russia. The number of users that faced this threat has grown by 65% compared to the same period last year.
The largest campaigns were observed in the first quarter of 2021, when 12,704 users of phòng thí nghiệm kaspersky products faced QakBot: 8068 users were attacked in January and 4007 in February.
QakBot, còn được gọi là QBot, QuackBot, Và Pinkslipbot, is a banking Trojan that has been around for over thirteen years. It was discovered in 2007 and has been continuously improved since then.
In recent years, QakBot has become one of the most active banking Trojans in the world. Its main purpose is to steal credentials (logins, mật khẩu, etc.) to log into financial services. Tuy nhiên, this is not its only function. QakBot can spy on the banking activities of an organization, spread over the network and install encryption programs to maximize the profit from attacks on organizations.
In addition to the standard functions for such malware (keylogging, stealing cookies, thông tin đăng nhập và mật khẩu), the latest versions of QakBot are able to stop suspicious activity or turn off if launched in a virtual environment, support regular self-updating, and researchers also note changes in encryption schemes and binary code packaging.
Another new and unusual feature of QakBot is the ability to steal emails in order to then carry out social engineering attacks on users from the victim’s email list.
Hãy để tôi nhắc bạn rằng tôi cũng đã nói rằng Trojan Coper Banking nhắm mục tiêu người dùng Colombia.
