If a large number of users are getting locked out of your organization's Active Directory domain, it is possible that some of them may have been infected with QakBot, a rare but very dangerous malware strain.
QakBot, also known as Qbot or PinkSlip, is a banking trojan that was first spotted in 2009. Despite being deployed in malware campaigns very rarely, QakBot is one of the most advanced banking trojans on the market today, with many features rivaling the more famous Dridex, Ramnit, or Gozi trojans.
To avoid over-exposing their operations, QakBot's authors avoid spreading their banking trojan via mundane spam targeting average Joes.
Instead, the team behind QakBot deploy it in highly-targeted campaigns, aimed only at large companies in very lucrative industry sectors, such as corporate banking, financial institutions, treasury services, and others.
During the past few years, researchers have spotted only a few QakBot campaigns. There was one in October 2014, then one in April 2016. Recently, in mid-May, researchers spotted another wave of QakBot attacks.
QakBot adds support for self-mutating mechanism
With this new wave of attacks, QakBot received new features. The most important of these is support for a polymorphism mechanism that allows the malware to self-mutate in transit, as it moves inside a company's network.
Read more: Banking Trojan Locks Users Out of Active Directory Domains