QBot Now Attacks Using Black Basta Ransomware

QBot is a banking virus active since 2007 that steals user data and banking credentials. The malware features novel distribution methods, C2 tactics, and anti-analysis characteristics. Some campaigns distribute QBot directly, but it’s also a supplementary payload for Emotet.

QBot (QuakBot) is Windows malware that steals bank credentials and Windows domain credentials, and delivers further malware payloads to infected devices.

What Happened?

The Black Basta ransomware operation has teamed up with the QBot malware operation to propagate laterally across business networks that have been hijacked.

Phishing attempts that include malicious attachments are the typical vector through which QBot infects its victims. Although it began as a banking trojan, it has partnered with a number of other ransomware gangs, including MegaCortex, ProLock, DoppelPaymer, and Egregor.

Black Basta is a relatively new ransomware operation that got off to a very good start, penetrating a huge number of enterprises in a very short amount of time while simultaneously demanding significant ransom payments.

According to BleepingComputer, analysts from NCC Group discovered the new alliance between Qakbot and Black Basta during a recent incident response. During this

Read More: https://heimdalsecurity.com/blog/qbot-now-attacks-using-black-basta-ransomware/