Skip to main content

Persistent Banking Trojan Virus Launches New Phishing Scam

By May 13, 2019May 21st, 2021Cybersecurity

The venerable banking Trojan known as Q-bot is back in the news, having recently been spotted in the wild as part of a sophisticated new phishing campaign designed to claim a new generation of victims.

Q-bot is one of the oldest banking Trojans still in use, and has a history that stretches back more than a decade.

In this most recent incarnation, the malware is being delivered via an email which appears to be a reply to an existing email chain.  The body of the email contains a poisoned link which, if clicked will install the malware in the background.

Once in place, it creates a backdoor to the compromised machine in question, allowing hackers access any time they like.  It also serves as a key logger and general spy. It can steal financial data, banking data, other logins, credentials, and of course, makes it possible for the hackers to install additional malware as they see fit.

The reason Q-bot is still enjoying use of stolen data is that it’s very good at what it does, and the developers of the code have taken steps to keep it up to date.  This, combined with finding new and innovative ways of introducing the Trojan onto target systems has made it as close to a persistent threat as we’ve seen when it comes to malicious code.

The latest campaign appears to borrow from the success of a similar campaign launched last year involving a Trojan with comparable functionality called Emotet.

This serves as confirmation that different hacking groups around the world are learning from one another, comparing notes, and developing an increasingly robust set of best practices. All this makes it increasingly more difficult to effectively defend against such threats.  Stay vigilant and be sure to remind your employees never to open emails or click links inside emails, even if they appear to be from a trusted source.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.