Advertisement:

Zonda - Największa Polska giełda cyfrowych walut

Partners:

Quark
Polskie Stowarzyszenie Bitcoin

QakBot: dangerous banking trojan returns with new tricks

QakBot, a notorious Banking Trojan and Botnet operational since 2008, poses a severe threat to cybersecurity. Recent legal actions like "Operation Duck Hunt" aim to counter this malicious software. With new persistence mechanisms and complex distribution methods, QakBot continues to evolve, challenging cybersecurity experts worldwide.

QakBot – a Banking Trojan and Botnet Operating Since 2008

QakBot, also known as QBot, is a malicious computer program that has been a serious threat to network users since 2008. It is a banking trojan and botnet that has evolved over time, becoming increasingly dangerous and difficult to detect.

Operation Duck Hunt – Disabling QakBot Servers

Servers associated with QakBot were recently shut down as a result of a legal operation named Operation Duck Hunt. These actions aimed to limit the damages caused by this malicious botnet and enhance cybersecurity.

Return of the QakBot Botnet with a New Persistence Mechanism

Threat researchers at Binary Defense have discovered the resurgence of the QakBot botnet, now utilizing a new persistence mechanism. This marks a significant evolution of this malicious software, making it even more challenging to combat.

QakBot Distribution Methods and Capabilities

QakBot is typically distributed through phishing campaigns with various themes, such as malicious document attachments or links to download harmful files. From a banking trojan, QakBot has evolved into a sophisticated tool with a wide range of functions, including data gathering, ransomware delivery, and attacks on critical infrastructure.

Scale of Infection and QakBot Operations

Following the shutdown of QakBot servers in 2023, more than 700,000 computers were identified as part of this botnet. The latest variants of QakBot evade detection through diverse methods, posing challenges for network security professionals combating them.

New Masking Techniques and Operational Strategies of QakBot

QakBot masquerades as an Adobe Reader installer and utilizes srtasks.exe to establish persistence after a factory reset. Additionally, it initiates additional processes using msiexec.exe, making it even more difficult to detect.

Appendix A: Detecting QakBot and Attack Methodology

In line with the significant information provided in Appendix A of the article, detecting QakBot and understanding its attack methodology is a key element in preventing its adverse impacts on computer systems.

Advertisement:

Zonda - Największa Polska giełda cyfrowych walut