Qakbot, a top trojan for stealing bank credentials, has in the past year started delivering ransomware, and this new business model is making it harder for network defenders to detect what is and isn’t a Qakbot attack.
Qakbot is an especially versatile piece of malware that has been around for over a decade and has survived despite multi-year efforts by Microsoft and other security firms to stamp it out. In 2017, Qakbot adopted WannaCry’s lateral movement techniques, such as infecting all network shares and drives, brute-forcing Active Directory accounts and using the SMB file-sharing protocol to create copies of itself.
Kaspersky’s recent analysis of Qakbot concluded that it won’t disappear anytime soon. Its detection statistics for Qakbot indicated that it had infected 65% more PCs between January and July 2021 than in the same period of the previous year. So, it is a growing threat.
Microsoft highlights that Qakbot is modular, which allows it to appear as separate attacks on each device on a network and makes it difficult for defenders and security tools to detect, prevent and remove. It’s also difficult for