
Cyber Security Solutions, Compliance, and Consulting Services - IT Security


Qbot Banking Malware is back with a new version

By kamran | At March 20, 2019


Cybersecurity vendors also identify Qbot as Qakbot. The malware, also known as the Qakbot botnet, was discovered in 2009. Its operators distribute Qbot to steal user credentials, open backdoors on infected devices, and form a world-spanning botnet.

In April 2010, Qbot was uploading 2 GB of stolen confidential information to its FTP servers every week. After December 2015, at the start of 2016, Qbot received a major update that contributed to the latest spike in activity.

In the last decade, the Qbot financial malware has affected thousands of business systems, and it has now resurfaced in an improved version. Varonis, a data security provider, uncovered an attack that was reported by a customer. Varonis detected a new strain of Qbot, also known as Qakbot, trying to spread to a system on the network.

Over the past decade, Qbot has been a successful piece of malware. Its source code is available to cybercriminals and is easily modified and extended. Qbot started as a Trojan for stealing online banking credentials, but it has been improved considerably, and new versions are now in circulation.

Qbot's command-and-control (C&C) server sometimes reshuffles the malware's code and configuration to avoid signature-based antivirus detection. Qbot can move quickly across a corporate network because it has worm-like capabilities that brute-force Windows domain credentials.

Qbot uses a two-stage polymorphism process to generate unique malware samples on infected computers. It is a credential harvester with backdoor capabilities and is delivered with the help of the RIG exploit kit. When Qbot is downloaded onto an infected computer, it immediately tries to raise the entire workstations.

Qbot uses network shared folders to steal credentials, and if the folders are protected with a password, it steals that password from Windows Credential Manager and Internet Explorer. To strengthen its brute-force attacks, Qbot combines them with lists of common usernames and passwords.

Qbot infects as many victims as it can and receives an update from the C&C server at a regular interval of six hours. The updates also contain a new variant of the malware, produced by the two-stage polymorphism process. This process changes the structure of Qbot and helps it avoid detection by antivirus software.
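The fixed six-hour check-in described above leaves a timing pattern that defenders can hunt for in proxy or firewall logs. The following is an added example, not code from the article or from Varonis: it flags client/destination pairs whose connections recur at a near-constant six-hour gap. The log format, addresses, hostnames and the ten-minute tolerance are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, internal client, destination host.
SAMPLE_LOG = """\
2019-03-18T00:04:10 10.0.0.21 updates.example.net
2019-03-18T06:04:55 10.0.0.21 updates.example.net
2019-03-18T12:03:40 10.0.0.21 updates.example.net
2019-03-18T18:05:02 10.0.0.21 updates.example.net
2019-03-19T00:04:31 10.0.0.21 updates.example.net
2019-03-18T09:15:00 10.0.0.34 intranet.example.org
2019-03-18T09:47:12 10.0.0.34 intranet.example.org
2019-03-18T13:02:45 10.0.0.34 intranet.example.org
2019-03-19T08:58:03 10.0.0.34 intranet.example.org
2019-03-18T02:00:00 10.0.0.50 cdn.example.com
2019-03-18T08:00:00 10.0.0.50 cdn.example.com
"""

def parse(log_text):
    """Group connection timestamps by (client, destination)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, dest = parts
        try:
            seen[(client, dest)].append(datetime.fromisoformat(ts))
        except ValueError:
            continue  # skip unparseable timestamps
    return seen

def find_periodic(log_text, period=timedelta(hours=6),
                  tolerance=timedelta(minutes=10), min_intervals=3):
    """Return (client, dest, mean_gap) for pairs whose gaps all sit near `period`."""
    hits = []
    for (client, dest), times in sorted(parse(log_text).items()):
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) < min_intervals:
            continue  # one or two matching gaps can be coincidence
        if all(abs(g - period) <= tolerance for g in gaps):
            hits.append((client, dest, sum(gaps, timedelta()) / len(gaps)))
    return hits

if __name__ == "__main__":
    for client, dest, gap in find_periodic(SAMPLE_LOG):
        print(f"{client} -> {dest}: mean gap {gap}")
```

A match is a lead to investigate rather than proof of infection, since legitimate updaters also poll on fixed schedules.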

Qbot uses various legitimate certificates to sign its malicious executables and escape detection on the network. The malware keeps changing, developing, and adding new tools, which makes it harder to detect and analyze.

Written by kamran · Categorized: Cyber security news
