Original Release Date: 6/19/2020
F5 researchers identified a recent Qbot campaign targeting banking customers. Recent analysis of the Qbot malware indicates the campaign is primarily focused on US banking customers, targeting approximately 36 financial institutions in the US and two within Canada and the Netherlands. The primary attack vector appears to be browser hijacks, or redirects, though some instances were introduced through executables delivered in phishing emails or via an open file share. Once a device is successfully infected, Qbot monitors the victim’s web traffic for specific financial services in order to harvest credentials. Additionally, this new version of the trojan has added detection and evasion features, as well as anti-virtual-machine techniques to avoid technical analysis.
The NJCCIC recommends that users ensure operating systems, browsers, mail clients, and anti-virus software are patched and up to date. Additionally, users are encouraged to educate others about this and other threats to avoid further victimization. If fraudulent purchases are identified, users are urged to report the activity to their financial institution immediately. Technical details and Indicators of Compromise can be found in the F5 Labs article.