Security News > 2022 > February > Qbot needs only 30 minutes to steal your credentials, emails
The widespread malware known as Qbot has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection.
As shown in the following diagram, Qbot moves quickly to perform privilege escalation immediately following an infection, while a full-fledged reconnaissance scan takes place within ten minutes.
Qbot steals Windows credentials from memory using the LSASS injections and from web browsers.
Qbot moves laterally to all workstations in the scanned environment by copying a DLL to the next target and remotely creating a service to execute it.
The impact of these expeditious attacks isn't limited to data loss, as Qbot has also been observed to drop ransomware payloads onto compromised corporate networks.
A Microsoft report from December 2021 captured the versatility of Qbot attacks, making it harder to evaluate the scope of its infections accurately.