Qbot Malware Resurfaces In New Attack Against Businesses

itwbennett writes: Security researchers at Varonis have uncovered a new attack using a new version of the venerable Qbot malware that 'creates scheduled tasks and adds entries to the system registry to achieve persistence,' writes Lucian Constantin, reporting on the attack for CSO. 'The malware then starts recording all keystrokes typed by users, steals credentials and authentication cookies saved inside browsers, and injects malicious code into other processes to search for and steal financial-related text strings.' The researchers 'found logs showing 2,726 unique victim IP addresses,' writes Constantin, but because 'computers inside an organization typically access the internet through a shared IP address, the researchers believe the number of individually infected systems to be much larger.' The malware first appeared in 2009 and was found to be uploading 2GB of stolen confidential information to its FTP servers each week by April 2010 from private and public sector computers, including 1,100 on the NHS network in the UK. A modified version of the malware resurfaced in April 2016 that was believed to have infected more than 54,000 PCs in thousands of organizations around the world. As Varonis now reports, Qbot is making yet another comeback.

Read more of this story at Slashdot.