skip to Main Content

Cybercrime, Quakbot exploits ADV TOURS d.o.o.” company certificates

Technical analysis by the Malware Hunter JAMESWT

ADV TOURS d.o.o.” company certificates exploited by a new Quakbot campaign

“ADV TOURS d.o.o.” company certificates have been used by a new Quakbot campaign to sign the attachment. Objective: To allow victims to download and install the malware, tricking the antivirus. The files, detected by MalwareHunterTeam, if opened, contact a url to download the dll, disguised as an image, from which the malware infection starts. For this purpose, organizations from different countries have been exploited. In the last period have been used many signatures. They include those related to:

  • Mislean Software Limited
  • Master Networking s.r.o.
  • DocsGen Software Solutions Inc.
  • Digital Capital Management Ireland Limited
  • Equal Cash Technologies Limited
  • Korist Networks Incorporated
  • Instamix Limited
  • Akhirah Technologies Inc.
  • Bamboo Connect s.r.o.
  • OLIMP STROI OOO
  • BOREC OOO
  • Cubic Information Systems UAB
  • Highweb Ireland Operations Limited
  • VESNA OOO
  • THREE D CORPORATION PTY LTD
  • Umbrella LLC
  • Olymp LLC
  • Hairis LLC
  • SERVICE STREAM LIMITED
  • ABEL RENOVATIONS, INC
  • TRAUMALAB INTERNATIONAL APS
  • OOO Vertical
  • APPI CZ
  • APP DIVISION ApS
  • FORTUNE STAR TRADING, INC
  • Bitubit LLC
  • Aqua Direct s.r.o
  • FedEx
  • STROI RENOV SARL
  • ABC BIOS d.o.o.
  • Kayak Republic af 2015 APS
  • Tecno trade d.o.o
  • PROTIP d.o.o. – v stečaju
  • ADV TOURS d.o.o.

The malware is a banking trojan with worm capabilites

QuakBot (aka Qbot) malware is a modular cybercrime banking trojan known to target businesses to steal money from their online banking accounts. It features worm capabilities to self-replicate through shared drives and removable media. The code uses powerful information-stealing features to spy on users’ banking activity.

Back To Top