Check Point Research has published its latest Global Threat Index for August 2020. Researchers have discovered that the Qbot trojan, also known as Qakbot and Pinkslipbot, has entered the top ten malware index for the first time, coming in as the 10th most prevalent malware in August.
First observed in 2008, Qbot has been continually developed and now employs sophisticated credential theft and ransomware installation techniques, making it the malware equivalent of a Swiss Army knife, according to Check Point. Qbot has also added a dangerous new feature: an email collector that extracts email threads from the victim’s Microsoft Outlook account and uploads them to an external server.
This allows Qbot to steal email threads from the infected user and then spam itself to the victim’s contacts. Qbot also enables banking transactions by allowing its controller to connect to the victim’s computer.
Check Point found several campaigns using Qbot between March and August 2020, including Qbot being distributed via the Emotet trojan. This campaign affected 5% of organizations worldwide in July of 2020.
“Threat actors are always looking at ways to update existing, proven forms of malware, and they have clearly been investing heavily in Qbot’s development to enable data theft on a massive scale from organizations and individuals. We have seen active malspam campaigns distributing Qbot directly, as well as the use of third-party infection infrastructures like Emotet’s to spread the threat even further. Businesses should look at deploying anti-malware solutions that can prevent such content reaching end-users and advise employees to be cautious when opening emails, even when they appear to be from a trusted source,” – Maya Horowitz, Director of Threat Intelligence & Research, Products at Check Point.
How Does Qbot Spread?
Qbot’s infection method has changed significantly since April of 2020. Previously, spam emails delivered Qbot using malicious documents with macros. Now, they contain URLs to a .zip file that holds a downloader script written in VBScript. VBScript is a scripting language developed by Microsoft, but the company has disowned it since last year because of years of abuse by hackers. Unfortunately, hackers know that many businesses and individuals still use old versions of Windows and Internet Explorer, which lets them compromise victims who lack the latest security features and updates.
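As an added example (not from Check Point or the original article), a mail or web gateway can inspect a downloaded .zip for script members before it reaches the user, which is the delivery pattern described above. The extension list, nesting limit, size cap and the sample archive are assumptions made for this example.

```python
import io
import zipfile

# .vbs/.vbe are VBScript; the other Windows Script Host types are included
# as an assumption about what a gateway would also want to hold back.
SCRIPT_EXTS = (".vbs", ".vbe", ".wsf", ".js", ".jse")
MAX_DEPTH = 3                  # assumed limit on nested archives
MAX_INNER = 20 * 1024 * 1024   # assumed size cap before unpacking a nested zip


def find_scripts_in_zip(data, depth=0, prefix=""):
    """Return sorted paths of script members inside a ZIP given as bytes."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Windows ignores trailing dots and spaces in file names.
            name = info.filename.lower().rstrip(". ")
            if name.endswith(SCRIPT_EXTS):
                hits.append(path)
            elif name.endswith(".zip") and depth < MAX_DEPTH:
                if info.flag_bits & 0x1:  # encrypted member cannot be read
                    hits.append(path + " (encrypted, not inspected)")
                elif info.file_size <= MAX_INNER:
                    inner = archive.read(info)
                    hits += find_scripts_in_zip(inner, depth + 1, path + "!")
    return sorted(hits)


def _build_sample():
    """Constructed sample archive holding harmless placeholder files."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("REPORT.VBS", "' constructed placeholder\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", "constructed sample\n")
        z.writestr("docs/invoice.vbs", "' constructed placeholder\n")
        z.writestr("nested.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for hit in find_scripts_in_zip(_build_sample()):
        print("script member:", hit)
```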
The recent surge in Qbot activity proves that in the dark world of cybercrime, it remains possible for old dogs to learn new tricks.