News


15 years of Qakbot – a review

Qakbot (aka QBot or Pinkslipbot) is a Trojan with a 15-year evolutionary history. From its origins as a banking Trojan, it has evolved into malware that is now used for lateral spread within a network and for deploying ransomware. After Qakbot was broken up by law enforcement authorities in August 2023, its 5th version was released a few months later. Zscaler analyzed the transformation of this resilient, persistent and innovative malware. Recently, the security researchers discovered that the threat actors have updated their code base to support 64-bit versions of Windows. In addition,…


DarkGate threat

In the ever-evolving cyber threat landscape, law enforcement agencies have made progress in uncovering DarkGate, malware developers, threat actors and forum managers. At the same time, they have increasingly taken control of command-and-control servers, disrupting malware distribution networks. In this dynamic environment, the emergence of new players and the adaptation of existing players is no coincidence. A recent example of this evolution is the emergence of morphing malware, in which threat actors change names and modify malware families. Following the dismantling of the Qbot infrastructure, the spread of DarkGate has increased significantly, reflecting the continued evolution of cyber threats…


Qakbot remains dangerous

Sophos X-Ops has discovered and analyzed a new variant of the Qakbot malware. These cases first emerged in mid-December and show that the Qakbot malware has continued to evolve despite law enforcement's successful dismantling of the botnet infrastructure last August. The attackers use even better methods to cover their tracks. The cases analyzed by Sophos X-Ops show that cybercriminals made concerted efforts to strengthen the malware's encryption. This has made it more difficult for defenders to analyze the malicious code. In addition, the attackers are now encrypting the…


Qakbot remains active despite smashed network

As new threat intelligence findings from Cisco Talos show, the threat actors (affiliates) behind the Qakbot malware remain active and have been running a campaign again since the beginning of August 2023. In the campaign, they spread the ransomware “Ransom Knight” and the backdoor “Remcos” via phishing emails. What is notable: the Qakbot infrastructure was seized by the FBI at the end of August. Nevertheless, the campaign, which was launched at the beginning of August, continues. This suggests that the law enforcement action may not have impacted the Qakbot operators' spam sending infrastructure, but only their command and control (C2) servers. Qakbot uses other distribution channels…


FBI vs. Qakbot network: smashed or just paralyzed?

On August 29, 2023, the US FBI announced that it had dismantled the multinational cyber hacking and ransomware operation Qakbot, or Qbot. After Hive, Emotet and Zloader, QakBot has now been hit. But is the botnet destroyed and the ransomware unusable, or just paralyzed, as was the case with Emotet? The Qakbot malware infected victims via spam emails containing fraudulent attachments and links. It also served as a platform for ransomware operators. Once the victim's computer was compromised, it became part of the larger Qakbot bot network, which...


Qakbot botnet follows in Emotet's footsteps

Qakbot runs detailed profile scans of infected computers, downloads additional modules and offers sophisticated encryption. The starting point for the attacks: the cybercriminals skilfully latch onto real e-mail threads. The Qakbot botnet follows in Emotet's footsteps. Sophos has published a technical analysis of Qakbot showing that the botnet is becoming increasingly sophisticated and dangerous for businesses. In the article “Qakbot Injects Itself into the Middle of Your Conversations”, SophosLabs describes a recent Qakbot campaign that shows how the botnet spreads through email thread hijacking and a variety of profile information from…


65 percent increase in banking malware QakBot

Kaspersky experts have identified an increase in attacks with the QakBot banking Trojan. The number of those affected rose in the first seven months of this year by 65 percent compared to the same period last year. Cybercriminals can use banking Trojans to steal money from their victims' online banking accounts and e-wallets. The banking Trojan QakBot was discovered in 2007 as one of many, but the developer behind it has invested a lot in its development in recent years and made this Trojan one of the most powerful and dangerous among the existing specimens of this type of malware.

QakBot protects itself against detection

Additionally ...


What's the point of breaking up Emotet?

“Emotet has always been one of the most widespread malware families in recent years. What are the long-term benefits of breaking up Emotet? A comment from FireEye. While it has historically been linked to home banking fraud, the malware has also been used to spread spam and secondary malware since 2017. We believe this was done on behalf of a limited number of groups using Emotet as malware-as-a-service.

Ransomware campaigns with Emotet

Between October 2020 and January 2021 we observed that Emotet spread several malware variants. These were used to launch ransomware campaigns ...


QakBot malware poses a high security risk

The QakBot malware poses a high security risk because of its often low detection rate. QakBot is distributed through XLSB files, making it difficult to spot. QakBot is not a new piece of malware, but the Hornetsecurity Security Lab is now warning of a new type of distribution: IT security experts have discovered that XLM macros are used in XLSB documents to distribute QakBot malware. Since both XLM macros and the XLSB document format are uncommon, these new malicious documents have a very low detection rate by current anti-virus solutions.

What is QakBot?

QakBot (also known as QBot, QuakBot, Pinkslipbot) has been around since ...


Malware: QakBot overtakes TrickBot

Cybersecurity specialists are currently registering a new wave of the QakBot info stealer. The malware is distributed via the Emotet botnet, where it is increasingly displacing TrickBot. IT security experts are currently observing a new wave of Zero Outage malware from info stealer QakBot. The Zscaler virus hunters report that many newly registered domains are currently being used to distribute QakBot.
