QakBot malware: Warning of increasing attacks


Reading time: minutes ( words)
Warning of rising attacks with QakBot malware

Acutely increasing number of attacks by "QakBot" registered

Within the last three days, there has been a very strong accumulation of successful compromises by the "QakBot" malware (also known as "QBot" and "QuackBot") worldwide.

QakBot spreads mainly via targeted spear phishing attacks, where the recipient is asked in an urgent tone to open an attached malicious ISO file (which in turn contains an LNK file and the QakBot payload).

This banking Trojan gives criminals access to online banking accounts, allows leaking user data and reloads malware. The activities are attributed to the threat actors behind the Black Basta ransomware. We have also already actively detected the malware as part of our ACD monitoring. As a preventive measure, which we have already implemented and verified as effective for affected customers, we strongly recommend the following Group Policy Object (GPO) adjustments.

Recommended action

To prevent all image files from being opened and mounted for all devices on the network, we recommend that system administrators make a global change to the Group Policy Objects (GPO). Attached is a screenshot documenting the setting change.

Please set exactly the following value: SCSI\CdRomMsft____Virtual_DVD-ROM_ and additionally a check mark at: "Also apply to matching devices that are already installed".

From our point of view, users should not be able to mount ISO files this way.

Allgeier secion customers with an active Managed Service contract for Active Cyber Defense are of course informed separately about malicious communications on their systems.

Need help upgrading your IT security for 2022? Contact us!

By clicking on the "Submit" button, you confirm that you have read our privacy policy. You give your consent to the use of your personal data for the purpose of contacting you by Allgeier secion, Zweigniederlassung der Allgeier CyRis GmbH.

* Mandatory field

Go back