Qbot Trojan Reappears to Go After U.S. Banking Customers

2020-06-16 20:45

Qbot, an ever-evolving information-stealing trojan that's been around since 2008, has reappeared after a hiatus to target customers of U.S. financial institutions.

Qbot harvests browsing data and financial info, including online banking details.

According to F5, once the victim is compromised, Qbot bides its time until a victim opens a web page that it's interested in - specifically, online banking portals for Bank of America, Capital One, Citibank, Citizen's Bank, J.P. Morgan, Sun Bank, TD Bank, Wells Fargo and others.

Interestingly, Qbot targets pages with regular-expression search strings that query "Logout/exit/quit" requests, F5 researchers told Threatpost: "This is unique, and allows an attacker to trigger the attack after the user requested to log out of the legitimate activity."

Qbot's target list also includes generic URLs that might be used in a second stage in an attack - say, for surfacing a message to victims in order to redirect them elsewhere once the banking activity is concluded.

News URL

https://threatpost.com/qbot-trojan-us-banking-customers/156624/

#banking #trojan

News URL

Related news