Qakbot, also known as Qbot and Pinkslipbot, was originally a banking trojan first discovered in the wild in 2008. While the malware’s primary purpose is to steal login credentials for online banking, it has also been used as a delivery mechanism for other types of malware, such as ransomware, and can act as a remote access trojan (RAT).
While Qbot has been around for several years, it has recently risen to prominence. According to Check Point’s 2023 Mid-Year Security Report, it was the most prevalent malware worldwide.
Qakbot is primarily spread via spam and phishing email campaigns. A malicious email can deliver the malware in a variety of ways, including malicious links and various types of attachments. The malware can also be spread by other means, such as being dropped by Emotet. Once it gains a foothold within a network, Qbot may spread laterally to infect additional machines.
Once installed on a system, Qbot can perform various actions, including the following:
Qbot’s wide range of built-in capabilities and ongoing development make it a significant threat to corporate and personal cybersecurity. By collecting past emails from infected machines, the malware can make spam and phishing emails more believable by masquerading as a reply in a legitimate email thread. Once an attacker has compromised the credentials for a user’s online banking account, they can use backdoor access to the infected machine to perform transactions from an IP address that the banking site already knows and trusts.
Qbot malware has been in operation for 15 years, demonstrating that it is a strong, actively maintained malware variant. Its evolving capabilities also expand the risk it poses to organizations and individuals as it improves its ability to infect systems and adds the threat of follow-on ransomware infections.
As with other malware variants, there are steps that organizations and individuals can take to manage the threat of Qbot. Some malware security best practices include the following:
Qakbot has been around for a while, and in H1 2023, it was the top malware variant in operation. However, while Qbot is a significant threat, it is one among many that companies face. To learn more about the current state of the cyber threat landscape and the malware and other threats that companies need to protect themselves against, check out Check Point’s 2023 Mid-Year Cyber Security Report.
For Qbot and other malware variants, one of the most effective defenses is an endpoint security solution. An effective endpoint security tool can identify and block malware infections as well as support the investigation and remediation of existing ones.
Check Point Harmony Endpoint provides strong protection against Qbot and other malware and is an integrated part of Check Point’s security platform, simplifying cybersecurity management. To learn more about Harmony Endpoint’s capabilities and how it can help your organization’s security, sign up for a free demo.