<div style="margin:20px 0 0 200px"> To view the site, enable JavaScript by changing your browser options, then <a href="">Try Again</a>.</div>
31 Aug, 2020
Qbot is Back!

Qbot (a banking trojan that steals bank account credentials and financial information). This time, it's mainly targeting the military, government, and manufacturing sectors.

According to a report released by Check Point Research — This current wave of Qbot phishing activities seems to have dovetailed with the return of Emotet (it's another email-based malware built for botnet-driven spam campaigns and ransomware attacks).

"These days Qbot is much more dangerous than it was previously — it has an active malspam campaign which infects organizations, and it manages to use a 'third-party' infection infrastructure like Emotet's to spread the threat even further." Check Point Research.

Since its first appearance (2008), Qbot, which is also known as QakBot, Pinkslipbott, or QuakBot, has evolved swiftly and to a great extent, from a mere information stealer to capable of delivering various sorts of attacks, be it obtaining remote access to victim’s windows system to do bank transactions or Prolock ransomware.

"Our research shows how even older forms of malware can be updated with new features to make them a dangerous and persistent threat. The threat actors behind Qbot are investing heavily in its development to enable data theft on a massive scale from organizations and individuals. We have seen active malspam campaigns distributing Qbot directly, as well as the use of third-party infection infrastructures like Emotet's to spread the threat even further.". — Yaniv Balmas (Check Point Research).

The attack gets carried out via email sending an attached Zip file or Zip file link containing malicious Visual Basic Script (VBS). It lures the victim under the disguise of COVID - 19 updates, tax payment reminders, hiring notifications, and so on. Once the victim downloads the zip file, the attacker gets control of the system.

The roadmap of the attack

The malicious email (contains a link to the zip file). The zip file contains a VBS downloader that runs the initial payload, then it decrypts and runs "explorer.exe" inside which leads to Main Payload (Encrypted Resource) that later proceeds to the Hardcoded Bost list routed by C&C communication, that advances to Tier2 Proxy and finally reaches "C&C Serves".

As per the report, India has encountered 7% of the overall attack; whereas, the USA experienced 29% and the UK faced 4% of the attack. Even a small country like Taiwan experienced 5% of the attack. On the contrary, no such Qbot attack has been documented in China. It’s a strange data in itself.

If you wish to become a malware analyst in an antivirus company, look into our course https://www.isoeh.com/reverse-engineering-malware-analysis.html.

We also provide a gamut of courses from ccna course, python for programming, machine learning using python. Join us and join the cyber security work force in India.

Get in touch with us today. Subscribe to our newsletter to find the latest updates in the field of cyber security.

Read Other Breaking News

Read All Breaking News »

Exclusive Blog

Read All Exclusive Blog »
A few tips for the perfect homework
A few tips for the perfect homework

With world working from home, it's time to make it enjoyable and effective.

Read Details

Hacking Tools

Explore All Hacking Tools »
UFTP - UDP based FTP with encryption
UDP based FTP with encryption

UFTP is an encrypted multicast file transfer program for secure, reliable & efficient transfer of files. It also helps in data distribution over a satellite link.

Read Details