Check Point has released its monthly Global Threat Index for August 2020. According to the researchers, the updated Qbot Trojan (also known as QuakBot, Qakbot, and Pinkslipbot) entered the list of the world's most widespread malware for the first time, taking tenth place.
Experts discovered Qbot in 2008; over the years, it has evolved from an ordinary info-stealer into a real "Swiss Army knife" for hackers.
Today, Qbot is capable of, for example, delivering other types of malware to the infected system, and can even be used to remotely connect to the target system to carry out banking transactions using the victim's IP address.
As a rule, Qbot spreads in a classic way: through phishing emails that contain dangerous attachments or lure users to malicious sites controlled by hackers – say the researchers.
Check Point experts point out that the updated version of Qbot can steal emails from its victims and then use them to send spam, thereby creating more believable decoys.
Between March and August 2020, Check Point researchers discovered several campaigns with an updated version of Qbot, including a campaign where the malware was masked using Emotet. According to the experts, in July 2020, this campaign affected 5% of organizations in the world.
Attackers are always looking for ways to improve malware. Now they are investing heavily in developing Qbot – it can be used to steal data massively from organizations and ordinary users. We have already seen active malicious spam campaigns that Qbot has been distributing. We also noted that sometimes Qbot is spread using another Trojan, Emotet – says Vasily Diaghilev, head of Check Point Software Technologies
Overall, in August 2020, the most active malware looked like this:
- Emotet is an advanced self-spreading modular Trojan. It was once an ordinary banker but has recently been used to distribute malware and campaigns. New functionality allows sending phishing emails containing malicious attachments or links.
- AgentTesla is an advanced Remote Access Trojan (RAT). AgentTesla has been infecting computers since 2014, acting as a keylogger and password stealer.
- FormBook is an info-stealer first discovered in 2016. It is marketed as MaaS in underground hacking forums due to its advanced evasion techniques and relatively low cost. FormBook collects credentials from various browsers, takes screenshots, monitors and logs keystrokes, and can download and execute files as ordered from the command server.
Let me remind you that Emotet topped the ranking of the most common threats in 2019 and, it seems, is not going to lose its position.
Companies must consider introducing security solutions to prevent such content from reaching users. It is important to remind employees to be very careful when opening emails, even if they appear at first glance to come from a trusted source.