Posted on Saturday March 02, 2019
itwbennett writes: Security researchers at Varonis have uncovered a new attack using a new version of the venerable Qbot malware that "creates scheduled tasks and adds entries to the system registry to achieve persistence," writes Lucian Constantin, reporting on the attack for CSO. "The malware then starts recording all keystrokes typed by users, steals credentials and authentication cookies saved inside browsers, and injects malicious code into other processes to search for and steal financial-related text strings." The researchers "found logs showing 2,726 unique victim IP addresses," writes Constantin, but because "computers inside an organization typically access the internet through a shared IP address, the researchers believe the number of individually infected systems to be much larger." The malware first appeared in 2009 and was found to be uploading 2GB of stolen confidential information to its FTP servers each week by April 2010 from private and public sector computers, including 1,100 on the NHS network in the UK. A modified version of the malware resurfaced in April 2016 that was believed to have infected more than 54,000 PCs in thousands of organizations around the world. As Varonis now reports, Qbot is making yet another comeback.
Phone: +1-989-776-2080
Toll Free: +1-855-674-2968
Email: info (at) netservicesgroup dot com
DUNS 155892800
SPIN 143027933
100% Michigan
NSG is owned & operated, offering enterprise-level IT service & support, right in your own back yard.