article thumbnail

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

Emerging in 2007 as a banking trojan, QakBot (a.k.a. QakBot is most commonly delivered via email phishing lures disguised as something legitimate and time-sensitive, such as invoices or work orders.

Hacking 309
article thumbnail

QBot Malware Is Making a Comeback by Replacing IcedID in Malspam Campaigns

Heimadal Security

Qbot, also known as “Qakbot” or “Pinkslipbot,” is a banking trojan active since 2007 that’s focusing on stealing user data and banking credentials. In the first months of the year, researchers noticed a malicious email campaign spreading weaponized Office documents that was delivering QBot trojan, and changing the payload after a short while.

Malware 132
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries. Insikt Group speculates the operation is aimed at influencing regional and military dynamics.

Malware 141
article thumbnail

Long-existing Bandook RAT targets Windows machines

Security Affairs

Reseachers from Fortinet observed a new variant of a remote access trojan dubbed Bandook that has been used in phishing attacks against Windows users. Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors. 7z file.

Malware 132
article thumbnail

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Phishing 145
article thumbnail

QBOT – A HTML Smuggling technique to target victims

Quick Heal Antivirus

QBot, also known as Qakbot, QuackBot, and Pinkslipbot, is a Banking Trojan that was first observed in 2007. The post QBOT – A HTML Smuggling technique to target victims appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Banking 111
article thumbnail

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. ” concludes the report.

Malware 121