Security news aggregator

Latest coverage for Qakbot

The Qakbot malware family is covered through reported incidents, technical analysis, infrastructure findings, disruption efforts, and defensive guidance.

59 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Qakbot (Qbot) is a Windows malware family first identified around 2009. It evolved from a banking-information stealer into a modular backdoor that can log keystrokes, steal credentials, exfiltrate data, and download additional payloads. Reported compromises have also used it as a delivery layer for other malware, including ransomware. Its botnet functionality enables infected hosts to communicate with attacker-controlled infrastructure.

Qakbot matters because a successful phishing infection can expose credentials and create a path for follow-on malware. Defenses include filtering suspicious attachments and links, applying security updates, using multifactor authentication where possible, and monitoring unusual process, network, and authentication activity. When detected, isolate the host, preserve email and endpoint telemetry, reset potentially exposed credentials, and check other systems for related indicators or payloads. Threat intelligence on Qakbot infrastructure can help block activity and scope an incident, but indicators should be validated because infrastructure and artifacts change.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 59 Filtered view
Bank Info Security 1 year, 1 month ago

Breach Roundup: US Indicts Qakbot Malware Leader

Also: Signal Blocks Recall, Europe Sanctions Stark IndustriesThis week, Qakbot leader indicted, Signal blocked Recall and a judge said Trump illegally removed watchdogs. Ivanti and Palo Alto hacks linked, Stark Industries sanctioned, Marks and Spencer's hack costs 300M pounds. Pro-Ukraine hackers hit a Russian clinic and an outbreak of PureRAT in Russia.

The FBI thought they shut this all down in 2023, but the duck quacked again Uncle Sam on Thursday unsealed criminal charges and a civil forfeiture case against a Russian national accused of leading the cybercrime ring behind Qakbot, notorious malware that infected hundreds of thousands of computers worldwide and helped fuel ransomware attacks costing victims tens of millions of dollars.…

Plus: Google Chrome, Apple bugs also exploited in the wild Happy May Patch Tuesday. We've got a lot of vendors joining this month's patchapalooza, which includes a handful of bugs that have been exploited — either in the wild or at Pwn2Own — and now fixed by Microsoft, Apple, Google and VMware.…

Bank Info Security 2 years, 2 months ago

Microsoft Patches Zero-Day Exploited by QakBot

Kaspersky Says It Spotted QakBot Operators Exploiting the Flaw in AprilMicrosoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the QakBot botnet and other hackers actively exploited. The elevation of privilege vulnerability flaw is rated "important" on the CVSS scale.

Bank Info Security 2 years, 5 months ago

More Signs of a Qakbot Resurgence

Qakbot Wouldn't Be the First Trojan to Come Back After a TakedownTakedowns aren't always forever in cyberspace. Months after a U.S. law enforcement operation dismantled the notorious Qakbot botnet, security researchers said signs are pointing to a resurgence. Someone with access to the Qakbot - also known as Qbot - source code is experimenting with new builds.

The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger in a reduced form. This article discusses the aftermath of the takedown, provides mitigation

Loading more headlines...