Threat Management, Incident Response, Malware, Network Security, TDR

Cyberattack glitch exposes new strain of Qbot malware

BAE Qbot Report

The malware Qbot relies on stealth to secretly steal victims' credentials, but an unexpected glitch during a recent cyberattack alerted researchers to a new campaign featuring a more virulent strain of the software.

According to a white paper and corresponding release, BAE Systems discovered a new variant of Qbot — the original dates back to 2009 — featuring significant modifications to avoid detection, including:

  • polymorphic code that disguises Qbot's coding signatures
  • automated updates that generate new encrypted versions every six hours to outpace software updates
  • the ability to identify sandbox environments to thwart malware researchers

BAE determined the Qbot variant has infected more than 54,000 PCs globally. However, the plot was uncovered when the malware caused several Windows XP-based computers at a public sector organization to crash. "The criminals tripped up because a small number of outdated PCs were causing the malicious code to crash them, rather than infect them,” said Adrian Nish, BAE's head of cyber threat intelligence in a company statement.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.