Kaspersky experts have identified an increase in attacks with the QakBot banking Trojan. The number of those affected rose in the first seven months of this year by 65 percent compared to the same period last year.
Cybercriminals can use banking Trojans to steal money from their victims' online banking accounts and e-wallets. The banking Trojan QakBot was discovered in 2007 as one of many, but the developer behind it has invested a lot in its development in recent years and made this Trojan one of the most powerful and dangerous among the existing copies of this type of malware.
QakBot protects itself against detection
In addition to the usual functions for banking Trojans such as keylogging, cookie theft, interception of passwords and logins, QakBot has also integrated functions and techniques in the latest versions with which it can recognize whether it is running in a virtual environment. The latter is often used by security solutions and anti-malware specialists to identify malware based on its behavior. If the malware detects that it is in a virtual environment, it can stop suspicious activity or cease to function altogether. In addition, QakBot tries to protect itself from analysis and troubleshooting by experts and automatic tools.
Latest version also steals emails
In addition, QakBot in its latest versions is able to steal e-mails from attacked computers. These emails are later used in various social engineering campaigns against people on the victim's email contact list.
“It is unlikely that QakBot will cease its activities any time soon. This malware is constantly updated and the threat actors behind it keep adding new features and updating their modules to maximize revenue impact while stealing details and information,” comments Haim Zigel, malware analyst at Kaspersky. “In the past, QakBot has been actively distributed via the Emotet botnet. Although this botnet was shut down earlier this year, judging by the statistics of infection attempts, which have increased compared to last year, the masterminds behind QakBot have found a new way to distribute this malware." Kaspersky security solutions successfully detect and block all known versions of the QakBot banking Trojan.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/