Friday, June 14, 2024

Qbot Malware Via FakeUpdates Leads the Race of Malware Attacks

Hackers use Qbot malware for its advanced capabilities, including keylogging, credential theft, and backdoor functionality.

Previously distributed Qakbot malware campaign was capable of monitoring the browsing activities of the infected computer and logs all information related to finance-related websites.

Qbot also enables the threat actors to create a persistent presence on infected systems, along with facilitating:

  • Further malicious activities
  • Potential financial gains

Cybersecurity researchers at Checkpoint recently discovered that threat actors actively use Qbot malware via FakeUpdates, leading to the race for malware attacks.

Free Webinar

Fastrack Compliance: The Path to ZERO-Vulnerability

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

Technical analysis

Four months after Operation Duck Hunt’s takedown, the Qbot malware was revived in December 2023. FakeUpdates topped the Threat Index and was found to be hitting the education sector hard. 

Qbot resurfaces in a phishing attack on the hospitality sector, posing as IRS. Meanwhile, the DLL-triggered Qbot dominated for 10 months before its takedown.

FakeUpdates claims the top spot with a 2% global impact, while Nanocore holds third for six months. However, there are new entries that are from:

  • Ramnit
  • Glupteba

Qbot was spotted in the wild in less than 4 months post-infrastructure takedown. This shows that disrupting malware isn’t enough, as threat actors always adapt. 

These are the reasons why researchers in the field of cybersecurity highly encourage firms to perform the following:

  • Implement proactive endpoint security
  • Perform thorough email scrutiny

Besides this, the following vulnerabilities are the most exploited, as they affect organizations globally:

  • Apache Log4j Remote Code Execution (CVE-2021-44228) affects 46% of organizations globally.
  • Web Server Malicious URL Directory Traversal affects 46% of organizations globally. 
  • Zyxel ZyWALL Command Injection (CVE-2023-28771) affects 43% of organizations globally.

Top Malware Families

Here below, we have mentioned all the top malware families:

  • FakeUpdates
  • Formbook
  • Nanocore
  • Remcos
  • AsyncRat
  • AgentTesla
  • Phorpiex
  • NJRat
  • Ramnit
  • Glupteba

Top Exploited Vulnerabilities

Here below, we have mentioned all the top exploited vulnerabilities:-

  • Apache Log4j Remote Code Execution (CVE-2021-44228)
  • Web Servers Malicious URL Directory Traversal (CVE-2010-4598,CVE-2011-2474,CVE-2014-0130,CVE-2014-0780,CVE-2015-0666,CVE-2015-4068,CVE-2015-7254,CVE-2016-4523,CVE-2016-8530,CVE-2017-11512,CVE-2018-3948,CVE-2018-3949,CVE-2019-18952,CVE-2020-5410,CVE-2020-8260)
  • Zyxel ZyWALL Command Injection (CVE-2023-28771)
  • Command Injection Over HTTP (CVE-2021-43936, CVE-2022-24086)
  • PHP Easter Egg Information Disclosure (CVE-2015-2051)
  • MVPower CCTV DVR Remote Code Execution (CVE-2016-20016)
  • WordPress portable-phpMyAdmin Plugin Authentication Bypass (CVE-2012-5469)
  • OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160, CVE-2014-0346)
  • HTTP Headers Remote Code Execution
  • D-Link Multiple Products Remote Code Execution (CVE-2015-2051)

Top Mobile Malware

Here below we have mentioned all the top mobile malware:-

  • Anubis
  • AhMyth
  • Hiddad

Top-Attacked Industries Globally

Here below, we have mentioned all the top-attacked industries globally:-

  • Education
  • Research
  • Communications
  • Government
  • Military

Looking for cost-effective penetration testing services? Try Kelltron’s to assess and evaluate the security posture of digital systems. 


Latest articles

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...

0-day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads

A significant vulnerability, tracked as CVE-2024-37629, has been discovered in SummerNote 0.8.18. It allows...
Tushar Subhra Dutta
Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles