QakBot banking malware attacks soar


Attacks by QakBot, a notorious banking Trojan, grew by 65% in the first seven months of the year, in comparison to the same period in 2020.

Some 17 316 users were attacked globally, highlighting how this threat is becoming more and more of a problem.

This is according to Kaspersky researchers, who have been reviewing updates to the latest version of this Trojan.

When successful, banking Trojans enable bad actors to steal money from victims’ online banking accounts and e-wallets, which is why they are considered a particularly dangerous scourge.

Although QakBot has been around since 2007, its author has invested a lot into its development, turning this Trojan into one of the most powerful and dangerous threats, according to Kaspersky. 

Over and above the standard Trojan functions such as keylogging, cookie-stealing, password and login grabbing, recent versions of QakBot have included functionalities and techniques allowing it to detect if it is running in a virtual environment. Virtual environments or sandboxes are often employed by security solutions and anti-malware specialists to identify malware via its behaviour.

“Now, if the malware detects it’s running in a virtual environment, it can stop suspicious activity or stop functioning completely. In addition, QakBot tries to protect itself from being analysed and debugged by experts and automated tools,” the company says.

Other new and unusual functions discovered by researchers in recent versions of QakBot include its ability to steal emails from the targeted machine, which can be used in various social engineering campaigns against users in the victim’s email contact list.

Haim Zigel, malware analyst at Kaspersky, says the Trojan is unlikely to stop its activity anytime soon. “This malware continuously receives updates and the threat actors behind it keep adding new capabilities and updating its modules in order to maximise the revenue impact, along with stealing details and information.”

He says Kaspersky has previously seen QakBot being actively spread via the Emotet botnet, which was taken down at the beginning of the year. However, judging by the infection attempt statistics, the actors behind QakBot have found a new way of propagating this malicious software.

Kaspersky experts recommend using online banking with multifactor authentication solutions, and ensuring all software is updated – including the operating system and all software applications.
