Date: 2021-12-10

The Qakbot banking trojan, which has been around for over a decade, is on the rise in 2021, thanks to new tricks added to its operation and structure that make it difficult to detect. The problem is so noticeable that Microsoft has released a guide with details of the threat to help businesses and users who may be affected by it.

According to a recent Kaspersky survey, Qakbot infected 65 percent more computers between January and July 2021 than in all of 2020, making it a rising threat this year.

Because of this, Microsoft released a report describing the threat and how people can prevent infection. According to the Windows developer, it is important to keep in mind that because Qakbot is modular, it can be distributed in different ways and appear as a different attack on each device on the network, making it difficult to detect.

One of Qakbot’s modules works on the framework of Cobalt Strike, threat emulation software adapted by criminals to break into machines. It can be rented by other cybercrime gangs for distribution to their own malicious agents.

According to Trend Micro, ransomware threats such as 2019’s MegaCortex and PwndLocker, 2020’s Egregor and Prolock, and 2021’s REvil have used this method in some of their attacks.

How the attack works

According to Microsoft, most Qakbot attacks start from links, images and attachments in emails, which infect devices with the threat when opened. Another method was also detailed, which uses macros (automated sequences of operations) written in Visual Basic for Applications (VBA) or in the legacy Excel 4.0 format to compromise devices and steal data from them.

After infection, Qakbot hides its malicious processes by injecting them into scheduled tasks on the system, as well as making changes to the Windows registry to remain undetected.

Using these hidden processes, the threat starts its lateral movement across the network to which the infected device is connected, collecting data and credentials from those systems.

To mitigate the potential impact of a Qakbot intrusion, Microsoft recommends that users turn on Office 365 anti-phishing protection, use SmartScreen, and scan their systems with antivirus protection whenever possible.