A recent report conducted by Proofpoint indicates large number of WordPress websites that had been compromised to perform a drive-by download of Qbot, also known as Qakbot, a malicious software program.
Proofpoint analyzed the malware and found an unprotected control panel on a server used by the gang to control the computers. The control panel yielded a wealth of information about the malware campaign, which Proofpoint said collected 800,000 credentials for online bank accounts, many of which were at five US banks and some Europe-based financial institutions.
52% of the compromised computers were running Windows XP, and most of those computers were running Internet Explorer. Qbot uses a technique called browser “hooking” to steal banking credentials.
In addition to stealing online banking credentials, the attackers also appear to be making money from the hacked computers in other ways. The Qbot malware also has a module called “SocksFabric” for a tunneling network. That network can be rented to other cybercriminals who can use the hacked computers as proxies to shuffle their own data around or mask their activity.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now