June 16, 2020 By Tara Seals
The 12-year-old malware is still dangerous, sporting advanced evasion techniques.
Qbot, an ever-evolving information-stealing trojan that’s been around since 2008, has reappeared after a hiatus to target customers of U.S. financial institutions. Its latest variant features fresh capabilities to help it remain undetected.
Qbot (a.k.a. Qakbot or Pinkslipbot) harvests browsing data and financial info, including online banking details. Some of its tricks include keylogging, credential theft, cookie exfiltration and process hooking. Qbot has previously evolved to add a “context-aware” delivery technique; and in another case added a six-hour evolution cycle to evade detection.
Researchers at F5 have uncovered recent activity using a new variant that also strives hard to avoid analysis. The first samples of the new strain first emerged in January in Virus Total, they told Threatpost.