Banking

Fileless

Credential Stealer

APT

qakbot

QakBot, also known as QBot or Pinkslipbot, is a banking trojan primarily used to steal victims’ financial data, including browser information, keystrokes, and credentials. Once QakBot has successfully infected an environment, the malware installs a backdoor allowing the threat actor to drop additional malware—namely, ransomware.

Known Variants

Qbot, Pinkslipbot

Mitigation Strategies

Qakbot has evolved into a highly flexible malware tool used for multiple purposes: as a banking trojan, for data exfiltration, and for ransomware delivery. To defend against it, organizations should implement strong email filtering to block phishing emails, which are the primary delivery method for Qakbot. Endpoint detection tools should be used to identify and block its payloads. Regular patch management is also vital to eliminate vulnerabilities that Qakbot might exploit.

Targeted Industries or Sectors

Originally, Qakbot focused primarily on the financial sector, but it has since expanded its scope to include the healthcare, government, and manufacturing sectors.

Associated Threat Actors

Qakbot is often used by financially motivated cybercriminals and has been observed as part of larger campaigns involving ransomware groups like Conti and Ryuk.
