Stay informed on Qakbot threats with the latest news, analysis, and prevention tips in our dedicated Information Security tag section.
Search across headline titles and summaries.
Background for this topic.
Qakbot, also known as Qbot, is a type of malware that primarily targets Windows machines to steal banking credentials and other personal information. Initially identified around 2009, it has since evolved with capabilities including keylogging, data exfiltration, and the ability to download additional malware onto infected systems. In the context of information security, Qakbot represents a significant threat due to its persistence mechanisms, constant evolution to evade detection, and its use as a delivery vehicle for more destructive malware, such as ransomware.
Qakbot spreads through various methods, including phishing emails and exploiting vulnerabilities in network protocols. Once installed, it creates a backdoor that allows attackers to control the compromised system and add it to a botnet. Its sophisticated evasion techniques include the use of polymorphic code to change its appearance and the execution of anti-analysis code to hinder detection by security software. For information security professionals, combating Qakbot involves implementing robust cybersecurity measures such as employee education, up-to-date antivirus software, and network segmentation.
Weekly headline count for the current query.
Also: Signal Blocks Recall, Europe Sanctions Stark IndustriesThis week, Qakbot leader indicted, Signal blocked Recall and a judge said Trump illegally removed watchdogs. Ivanti and Palo Alto hacks linked, Stark Industries sanctioned, Marks and Spencer's hack costs 300M pounds. Pro-Ukraine hackers hit a Russian clinic and an outbreak of PureRAT in Russia.
The FBI thought they shut this all down in 2023, but the duck quacked again Uncle Sam on Thursday unsealed criminal charges and a civil forfeiture case against a Russian national accused of leading the cybercrime ring behind Qakbot, notorious malware that infected hundreds of thousands of computers worldwide and helped fuel ransomware attacks costing victims tens of millions of dollars.…
The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. [...]
Attackers post links to fake websites on LinkedIn to ask people to complete malicious CAPTCHA challenges that install malware.
Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader
The prolific ransomware group has shifted away from phishing as the method of entry into corporate networks, and is now using initial access brokers as well as its own tools to optimize its most recent attacks.
CVE-2024-30051, under active exploit, is the most concerning out of this month's Patch Tuesday offerings, and already being abused by several QakBot actors.
Plus: Google Chrome, Apple bugs also exploited in the wild Happy May Patch Tuesday. We've got a lot of vendors joining this month's patchapalooza, which includes a handful of bugs that have been exploited — either in the wild or at Pwn2Own — and now fixed by Microsoft, Apple, Google and VMware.…
Kaspersky Says It Spotted QakBot Operators Exploiting the Flaw in AprilMicrosoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the QakBot botnet and other hackers actively exploited. The elevation of privilege vulnerability flaw is rated "important" on the CVSS scale.
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. [...]
The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. [...]
Qakbot Wouldn't Be the First Trojan to Come Back After a TakedownTakedowns aren't always forever in cyberspace. Months after a U.S. law enforcement operation dismantled the notorious Qakbot botnet, security researchers said signs are pointing to a resurgence. Someone with access to the Qakbot - also known as Qbot - source code is experimenting with new builds.
An emerging threat actor, Water Curupira, is wielding a new, sophisticated loader in a series of thread-jacking phishing campaigns that precede ransomware.
Microsoft and several others have reported seeing the noxious malware surfacing again in a campaign targeting the hospitality industry.
The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk
Experts say malware strain make take years to die off completely Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet.…
Researchers observed malicious files advancing through email, PDF, URL and MSI
A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network
The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer. [...]
The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger in a reduced form. This article discusses the aftermath of the takedown, provides mitigation