The venerable banking Trojan known as Q-bot is back in the news, having recently been spotted in the wild as part of a sophisticated new phishing campaign designed to claim a new generation of victims.
Q-bot is one of the oldest banking Trojans still in use, and has a history that stretches back more than a decade.
In this most recent incarnation, the malware is being delivered via an email which appears to be a reply to an existing email chain. The body of the email contains a poisoned link which, if clicked will install the malware in the background.
Once in place, it creates a backdoor to the compromised machine in question, allowing hackers access any time they like. It also serves as a key logger and general spy. It can steal financial data, banking data, other logins, credentials, and of course, makes it possible for the hackers to install additional malware as they see fit.
The reason Q-bot is still enjoying use of stolen data is that it’s very good at what it does, and the developers of the code have taken steps to keep it up to date. This, combined with finding new and innovative ways of introducing the Trojan onto target systems has made it as close to a persistent threat as we’ve seen when it comes to malicious code.
The latest campaign appears to borrow from the success of a similar campaign launched last year involving a Trojan with comparable functionality called Emotet.
This serves as confirmation that different hacking groups around the world are learning from one another, comparing notes, and developing an increasingly robust set of best practices. All this makes it increasingly more difficult to effectively defend against such threats. Stay vigilant and be sure to remind your employees never to open emails or click links inside emails, even if they appear to be from a trusted source.