03 May 19, 18:54
(This post was last modified: 03 May 19, 18:55 by silversurfer.)
Quote:A well-known form of malware which has been stealing login credentials and finances from enterprises for over a decade has once again been updated with new tricks to make it more effective at avoiding detection.
Qakbot - also known as Qbot - has been afflicting businesses since 2008, using worm-like capabilities to spread. The information-stealing trojan malware targets Microsoft Windows systems in an effort to create backdoors and make off with the usernames and passwords which can provide access to financial data.
Now Qakbot has been updated with a new persistence mechanism which makes it harder for victims to detect and remove the malware. The new obfuscation technique has been detailed by cybersecurity researchers at Cisco Talos.
Victims of the malware are usually infected via a dropper which, when successfully installed, will create a scheduled task on the infected machine that instructs it to execute a JavaScript downloader from one of a number of attacker-controlled malicious domains.
SOURCE: https://www.zdnet.com/article/this-passw...in-hidden/
![[-]](https://www.geeks.fyi/images/collapse.png)
