skip to Main Content

Cybercrime, the “signed” Quakbot campaign continues worldwide

Cyber security experts JAMESWT and MalwareHunterTeam continue discovering companies used by cybercrime to spread Qakbot in a “signed” campaign. It exploits certificates to decept the anti virus. The malware is a powerful modular banking trojan with strong persistence (updated at 16:00 of September 23 2020)

Cybercrime actors continue to count on a “signed” campaign to spread Qakbot. It has been discovered by cyber security experts JAMESWT and MalwareHunterTeam. It exploits company certificates to sign the executable. The objective is to decept the anti virus and let the victims download and install the malicious file through an attachment. The criminal hackers exploit organizations from different countries. In the last period have been used many signatures. They include those related to:

Mislean Software Limited

Master Networking s.r.o.

DocsGen Software Solutions Inc.

Digital Capital Management Ireland Limited

Equal Cash Technologies Limited

Korist Networks Incorporated

Instamix Limited

Akhirah Technologies Inc.

Bamboo Connect s.r.o.

OLIMP STROI OOO

BOREC OOO

Cubic Information Systems UAB

Highweb Ireland Operations Limited

VESNA OOO

THREE D CORPORATION PTY LTD.

The malware is a modular banking trojan known to target businesses to steal money from their online banking accounts. It features worm capabilities to self-replicate through shared drives and removable media. The code uses powerful information-stealing features to spy on users’ banking activity.

 

Back To Top