Qbot Trojan Evolves With New Evasion Techniques Targeting U.S. Banks

Qbot is a banking Trojan that was discovered in 2008 and has kept up its game ever since. Also known as QakBot, it resurfaces again and again with new invasive techniques.

Qbot is primarily a banking Trojan, or info-stealer, that steals bank account credentials for use in various cyber-crimes. It has been used in several attack campaigns, victimizing financial institutions, corporations and businesses in various countries.

Now a researcher reports that it has a new evasion technique and is targeting U.S. banks.

Qbot's New Evasion Technique Targets 36 U.S. Financial Institutions

Doron Voolf, a malware analyst at F5 Labs, writes in a blog post:

“It has a new packing layer that scrambles and hides the code from scanners and signature-based tools,”
“It also includes anti-virtual machine techniques, which helps it resist forensic examination.”

The Qbot Trojan can steal banking data from the victim's device. To do so, it collects cookie data, extracts login credentials via keyloggers and process hooking, and steals bank account data by spying on browsing activity.

However, F5 Labs discovered some additions to the Qbot Trojan. In contrast to the samples from earlier detections, the latest one specifically targets U.S. banks.

Recent Discoveries

According to Voolf, the new evasive version of Qbot is programmed to steal credentials for U.S. banks and the other online financial services they offer.

F5 suspects that 36 U.S. financial institutions and 2 banks in Canada and the Netherlands are the new targets of the Qbot Trojan.

These include J.P. Morgan, Citibank, Fifth Third Bank, U.S. Bancorp, Citizens Bank, Keybank, Bank of America, Capital One, First Citizens Bancshares, First Horizon Bank, SunTrust, Compass Bank, TD Bank, Wells Fargo, Frost Bank, TCF Bank, Huntington Bancshares, M&T Bank, Scotiabank, First Merit Corporation, Eastern Bank, ABN AMRO, PNC Bank, Silicon Valley Bank and others.

Further, they also identified 6 generic URL targets that may act as a second stage of the fraud action.

What Should You Do to Stay Safe?

In the case of such attacks, if you are one of the victims, there are several steps that you can take to ensure your safety and security.

  • It is always better to change your passwords. Make sure each password is secure and does not contain any of your personal details, such as your date of birth or anniversary.
  • Enable two-factor authentication for your applications.
  • Make sure to install an antivirus/anti-spyware program. Avoid cheap alternatives.
  • Switch on email scanning in the antivirus or anti-spyware application. Also, install an antivirus on your smartphone.
  • If you get an email from your bank or from an unknown mail ID, do not click on any link. If it asks you to log in to your bank account and make some changes, go to the bank's website directly to log in.

It is very important to enable 2FA on your accounts and use strong passwords. To keep those passwords secure, you should also use a reputable password manager tool like Dashlane.