Sunday, December 14, 2025 | Jumada al-akhirah 22, 1447 H
clear sky
weather
OMAN
20°C / 20°C
EDITOR IN CHIEF- ABDULLAH BIN SALIM AL SHUEILI

QakBot banking malware attacks jump 65%

Published: 5:16 PM, Sep 20, 2021
FILLER
20-9-21
20-9-21
minus
plus

BUSINESS REPORTER


MUSCAT, Sept 20


The number of users attacked with QakBot – a powerful banking Trojan, in the first seven months of 2021 grew by 65 per cent in comparison to the same period in 2020 and reached 17,316 users worldwide, demonstrating that this threat is increasingly affecting internet users. This rise has drawn the attention of Kaspersky researchers to the subject, leading them to review updates to the latest version of this Trojan.


Banking Trojans, when they have successfully infected a targeted computer, allow cybercriminals to steal money from victims’ online banking accounts and e-wallets – which is why they are considered one of the most dangerous types of malware. QakBot was identified as early as 2007 as one of the many banking Trojans. However, in recent years, QakBot’s developer has invested a lot into its development, turning this Trojan into one of the most powerful and dangerous among existing examples of this malware type.


In addition to functions that are quite standard for banking Trojans, like keylogging, cookie-stealing, passwords, and login grabbing, recent versions of QakBot have included functionalities and techniques allowing it to detect if it is running in a virtual environment. The latter is often used by security solutions and anti-malware specialists to identify malware via its behavior. Now, if the malware detects it’s running in a virtual environment, it can stop suspicious activity or stop functioning completely.


In addition, QakBot tries to protect itself from being analyzed and debugged by experts and automated tools.


The other new and unusual function spotted by researchers in recent versions of QakBot is its ability to steal emails from the attacked machine. These emails are later used in various social engineering campaigns against users in the victim’s email contact list.


“QakBot is unlikely to stop its activity anytime soon. This malware continuously receives updates and the threat actors behind it keep adding new capabilities and updating its modules in order to maximize the revenue impact, along with stealing details and information.


Previously, we’ve seen QakBot being actively spread via the Emotet botnet. This botnet was taken down at the beginning of the year, but judging by the infection attempt statistics, which have grown in comparison to the last year, the actors behind QakBot have found a new way of propagating this malicious software,” said Haim Zigel, malware analyst at Kaspersky.


Oman Observer is now on the WhatsApp channel. Click here

SHARE ARTICLE
arrow up
home icon