Banking Trojan QakBot attacked over 17,000 users worldwide

Kaspersky Lab has detected a surge in infections with a new version of the QakBot banking Trojan. More than 17,000 users around the world have been attacked by a banker since early 2021, and more than half of them are from Russia. The number of users that faced this threat has grown by 65% compared to the same period last year.

The largest campaigns were observed in the first quarter of 2021, when 12,704 users of Kaspersky Lab products faced QakBot: 8068 users were attacked in January and 4007 in February.

kaspersky report

QakBot, also known as QBot, QuackBot, 和 Pinkslipbot, is a banking Trojan that has been around for over thirteen years. It was discovered in 2007 and has been continuously improved since then.

In recent years, QakBot has become one of the most active banking Trojans in the world. Its main purpose is to steal credentials (logins, passwords, etc.) to log into financial services. 然而, this is not its only function. QakBot can spy on the banking activities of an organization, spread over the network and install encryption programs to maximize the profit from attacks on organizations.

In addition to the standard functions for such malware (keylogging, stealing cookies, logins and passwords), the latest versions of QakBot are able to stop suspicious activity or turn off if launched in a virtual environment, support regular self-updating, and researchers also note changes in encryption schemes and binary code packaging.

Another new and unusual feature of QakBot is the ability to steal emails in order to then carry out social engineering attacks on users from the victim’s email list.

QakBot attacks are unlikely to end anytime soon. The authors of this Trojan continue to add new features to it and update its modules in order to steal even more money and data. Previously, QakBot was actively distributed using the Emotet botnet, but this botnet was disabled at the beginning of the year. Now, judging by our statistics, the cybercriminals have found a new method of infection with this Trojan.Anton Kuzmenko, cybersecurity expert at Kaspersky Lab.

Let me remind you that I also told that Coper Banking Trojan Targets Colombian Users.

黑尔加·史密斯

我一直對電腦科學感興趣, 尤其是數據安全和主題, 而家被稱為 "數據科學", 由我十幾歲開始. 在進入病毒清除團隊擔任主編之前, 我曾喺多傢公司擔任網絡安全專家, 包括亞馬遜嘅承包商之一. 另一種體驗: 我在雅頓大學同雷丁大學任教.

留言

本網站使用Akismet嚟減垃圾郵件. 瞭解如何處理評論數據.

“返回頂部”按鈕