Check Point has released its monthly Global Threat Index for August 2020. According to the researchers, the updated Qbot Trojan (aka QuakBot, Qakbot and Pinkslipbot) entered the top ten of the most widespread malware in the world for the first time, taking tenth place. Experts first identified Qbot back in 2008, and over the years it has evolved from an ordinary info-stealer into a real “Swiss Army knife” for hackers.
Today Qbot can, for example, deliver other types of malware to the infected system, and it can even be used to connect remotely to the compromised host in order to carry out banking transactions from the victim’s IP address.
“As a rule, Qbot spreads in a classic way: through phishing emails that contain dangerous attachments or lure users to malicious sites controlled by hackers,” the researchers say.
Check Point’s experts note that the updated version of Qbot can steal emails from its victims and then reuse them to send spam, producing far more believable lures.
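As an added illustration (example code written for this page, not Check Point’s tooling and not code from the report), the Python script below triages a single email against the two lure traits just described: an attachment of a dangerous file type, and a reply sent into a stolen thread by someone who never took part in it. The risky-extension list, the thread index and both sample messages are constructed assumptions for the demo.

```python
"""Triage heuristics for Qbot-style phishing lures.

Added illustrative example, not Check Point's code or tooling. It encodes the
two lure traits described in the article: attachments of dangerous file types,
and replies injected into stolen email threads. The risky-extension list, the
thread index and both sample messages are constructed assumptions.
"""
import email
from email import policy
from email.utils import parseaddr

# Assumption: file types commonly abused as lure attachments (not from the article).
RISKY_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm", ".zip", ".js", ".vbs", ".lnk", ".iso")

# Constructed stand-in for a mailbox index: Message-ID of a legitimate thread
# -> lower-cased addresses of everyone who genuinely took part in it.
KNOWN_THREADS = {
    "<20200810.1234@example.com>": {"alice@example.com", "bob@partner.example"},
}


def risky_attachments(msg):
    """Return the filenames of attachments whose extension is on the risky list."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXTENSIONS):
            hits.append(name)
    return hits


def hijacked_reply(msg, threads=KNOWN_THREADS):
    """True if the message poses as a reply to a thread we know (In-Reply-To points
    at it) but its From address never took part in that thread. That is the
    pattern a stolen-thread lure produces: real quoted context, foreign sender."""
    ref = msg.get("In-Reply-To")
    if not ref:
        return False
    participants = threads.get(ref.strip())
    if participants is None:
        return False  # unknown thread: nothing to compare against
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    return sender not in participants


def triage(raw):
    """Parse one RFC 5322 message and return a list of human-readable findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    hits = risky_attachments(msg)
    if hits:
        findings.append("risky attachment: " + ", ".join(hits))
    if hijacked_reply(msg):
        findings.append("reply from non-participant in known thread")
    return findings


# Constructed sample: a lookalike sender replies into a real thread with a macro document.
LURE = """From: "Alice" <alice@examp1e.com>
To: bob@partner.example
Subject: Re: Invoice for August
In-Reply-To: <20200810.1234@example.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hi Bob, the corrected invoice is attached, please open it today.

--b1
Content-Type: application/octet-stream; name="invoice.docm"
Content-Disposition: attachment; filename="invoice.docm"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--b1--
"""

# Constructed sample: a genuine participant replies with a PDF.
BENIGN = LURE.replace("alice@examp1e.com", "bob@partner.example").replace("invoice.docm", "invoice.pdf")

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("benign", BENIGN)):
        print(label, triage(raw) or ["no findings"])
```

The thread check only works against an index of your own mailboxes, so in practice `KNOWN_THREADS` would be populated from the mail store rather than hard-coded; the point of the heuristic is that a stolen-thread lure carries genuine quoted context yet arrives from an address the thread has never seen.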
Between March and August 2020, Check Point researchers observed several campaigns using the updated Qbot, including one in which Qbot was delivered by Emotet. According to the experts, in July 2020 this campaign affected 5% of organizations worldwide.
“Attackers are always looking for ways to improve malware. Now they are clearly investing heavily in the development of Qbot: it can be used to massively steal data from organizations and ordinary users. We have already seen active malicious spam campaigns that Qbot has been distributing. We also noted that Qbot is sometimes spread using another Trojan, Emotet,” says Vasily Diaghilev, head of Check Point Software Technologies.
Overall, the most active malware families in August 2020 were:
- Emotet is an advanced, self-propagating modular Trojan. Originally an ordinary banking Trojan, it has recently been used to distribute other malware and malicious campaigns. New functionality allows it to send phishing emails containing malicious attachments or links.
- Agent Tesla is an advanced Remote Access Trojan (RAT). Agent Tesla has been infecting computers since 2014, acting as a keylogger and password stealer.
- FormBook is an info-stealer first discovered in 2016. It is marketed as Malware-as-a-Service (MaaS) on underground hacking forums thanks to its advanced evasion techniques and relatively low cost. FormBook harvests credentials from various browsers, takes screenshots, monitors and logs keystrokes, and can download and execute files on command from its C&C server.
Recall that Emotet topped the ranking of the most common threats in 2019 and, it seems, is in no hurry to give up its position.
Companies should consider deploying security solutions that stop such content before it reaches users. It is also important to remind employees to be very careful when opening emails, even if at first glance they appear to come from a trusted source.