Qbot malware's back, and latest strain relies on Visual Basic script to slip into target machines

    Date: 01 Mar 2019
    Posted By: Brittany Day

    A new version of the decade-old banking credential-stealing Qbot malware is doing the rounds, according to infosec firm Varonis.

    The latest version, spotted after an unfortunate customer's systems were infected, retains the anti-analysis polymorphism features of the original, Varonis researchers said.

    Once present on a targeted network, the Windows malware starts brute-forcing network accounts from the Active Directory Domain Users group. It also runs the traditional keylogging, hooking (scanning all system processes for banking-related strings and extracting those) and credential-stealing functions.
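A defender's view of the account brute-forcing described above, as an added example that is not from the article or from Varonis: it flags any host whose failed logons hit many distinct accounts within a short window. The event tuples, host names, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (time, event ID, source host, target account).
# In the Windows Security log, 4625 is a failed logon and 4624 a successful one.
SAMPLE_EVENTS = [
    ("2019-03-01T10:00:01", 4625, "WS-042", "alice"),
    ("2019-03-01T10:00:03", 4625, "WS-042", "bob"),
    ("2019-03-01T10:00:05", 4625, "WS-042", "carol"),
    ("2019-03-01T10:00:08", 4625, "WS-042", "dave"),
    ("2019-03-01T10:00:11", 4625, "WS-042", "erin"),
    ("2019-03-01T10:00:14", 4625, "WS-042", "frank"),
    # One user mistyping a password: several failures, a single account.
    ("2019-03-01T10:01:00", 4625, "WS-007", "gina"),
    ("2019-03-01T10:01:10", 4625, "WS-007", "gina"),
    ("2019-03-01T10:01:20", 4625, "WS-007", "gina"),
    ("2019-03-01T10:01:45", 4624, "WS-007", "gina"),
    # Failures spread over hours never share a window.
    ("2019-03-01T08:00:00", 4625, "WS-019", "alice"),
    ("2019-03-01T09:00:00", 4625, "WS-019", "bob"),
    ("2019-03-01T10:00:00", 4625, "WS-019", "carol"),
    ("2019-03-01T11:00:00", 4625, "WS-019", "dave"),
    ("2019-03-01T12:00:00", 4625, "WS-019", "erin"),
]

def find_bruteforce_sources(events, window=timedelta(minutes=5), min_accounts=5):
    """Return {host: sorted accounts} for hosts whose failed logons reach
    min_accounts distinct accounts inside one sliding time window."""
    failures = defaultdict(list)
    for ts, event_id, host, account in events:
        if event_id == 4625:  # ignore successes and other events
            failures[host].append((datetime.fromisoformat(ts), account.lower()))
    flagged = {}
    for host, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window until it spans at most `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            accounts = {acct for _, acct in rows[start:end + 1]}
            # Keep the widest spread of accounts seen for this host.
            if len(accounts) >= min_accounts and len(accounts) > len(flagged.get(host, [])):
                flagged[host] = sorted(accounts)
    return flagged

if __name__ == "__main__":
    for host, accounts in find_bruteforce_sources(SAMPLE_EVENTS).items():
        print(f"{host}: failed logons against {len(accounts)} accounts: {accounts}")
```

Counting distinct accounts per source, rather than raw failures, keeps a single user's repeated typos from triggering the alert.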
