Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Qbot (also known as Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features used to steal banking credentials and financial data, as well as to log user keystrokes, deploy backdoors, and drop additional malware on compromised machines. Among the banks whose customers have been targeted in this Qbot campaign, the researchers found JP Morgan, Citibank, Bank of America, Citizens, Capital One, Wells Fargo, and FirstMerit Bank.
F5 states in its report that most users are infected through web redirects but doesn’t explicitly state how users’ browsers are hijacked in the first place. A lot of web redirect attacks are the result of aggressive adware being installed on the device. Adware is often installed alongside other software and extensions, particularly freeware and shareware. Windows users should be cautious when downloading and installing any third-party apps or browser extensions, especially those that try to install additional software. Keeping apps up to date and antivirus enabled can stop the malware, but it’s best not to get infected in the first place.
The Qbot campaign underscores the need for consumers to remain ever alert for phishing schemes like the one used to infect a user’s computer. The infection usually takes place when a user clicks a link in an email, which forwards them to a webpage that injects malware onto their computer. Users should NEVER click a link in any email, even if it appears to be sent by a known party. Always check the email address to make sure it was actually sent by a legitimate sender. Even then, contact the alleged sender to make sure they actually sent it.