Security News > 2020 > August > QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money

A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve to target government, military, and manufacturing sectors in the US and Europe, according to new research.

In an analysis released by Check Point Research today, the latest wave of Qbot activity appears to have dovetailed with the return of Emotet - another email-based malware behind several botnet-driven spam campaigns and ransomware attacks - last month, with the new sample capable of covertly gathering all email threads from a victim's Outlook client and using them for later malspam campaigns.

Using Hijacked Email Threads as Lures First documented in 2008, Qbot has evolved over the years from an information stealer to a "Swiss Army knife" adept in delivering other kinds of malware, including Prolock ransomware, and even remotely connect to a target's Windows system to carry out banking transactions from the victim's IP address.

Morphisec unpacked a Qbot sample that came with two new methods designed to bypass Content Disarm and Reconstruction and Endpoint Detection and Response systems.

Aside from packing components for grabbing passwords, browser cookies, and injecting JavaScript code on banking websites, the Qbot operators released as many as 15 versions of the malware since the start of the year, with the last known version released on August 7.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/DWYrTPcCdQU/qakbot-banking-trojan.html