Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Qbot (also known as Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features used to steal banking credentials and financial data, as well as to log user keystrokes, deploy backdoors, and drop additional malware on compromised machines. Among the banks whose customers have been targeted in this Qbot campaign, the researchers found JP Morgan, Citibank, Bank of America, Citizens, Capital One, Wells Fargo, and FirstMerit Ban.
It\’s not surprising that malware from over ten years ago is still active and recoded for new attacks. Cybercriminals have seen it work successfully in the past and update the code and concepts by injecting it into known processes, which are accepted by antimalware applications.
Organisations will want to implement not only an antimalware application on the endpoints, but also an Endpoint Detection Response (EDR) program to provide additional security of the system with two sets of processes running to detect and react on malware entering the system.
With all antimalware and operating systems, they must be up to date with the latest patterns and critical updates. There is the possibility new malware may not be detected, but it is essential to reduce the risk of an attack.
Employees in the organisation should be aware that visiting unfamiliar or unknown websites can deliver side-channel attacks and bypass the security of their system. They should be mindful of how to alert their security teams in the event of strange behaviours, especially social engineering scams, like phishing.