Security Alert: Shape-shifting Malware Infects Thousands

BAE Systems warns that a modified strain of the Qbot malware has already infected over 54,000 PCs worldwide, with 85% of infections occurring in the U.S.

The modified version is network-aware and designed to harvest credentials from a target’s computer systems.

Here are the key details:

  • Qbot uses a “domain generation algorithm” that gives it the ability to call “headquarters” to get additional control instructions.
  • Automated updates to the malware generate different versions, making it difficult for security companies to issue effective anti-virus (AV) updates.
  • Qbot modifies its behavior when it detects that it is running in a sandbox environment (used by AV software to isolate suspected threats), thereby avoiding detection.
  • Current targets are law enforcement agencies, schools and hospitals, but as we all know, cyber-criminals can change their focus anytime—and will!

The original strain of this malware, called Qakbot, was initially spread through infected websites containing JavaScript that exploited browser vulnerabilities. Although the BAE article didn’t mention how the new Qbot malware is spread, it would be safe to assume that it is propagated, at least in part, the same way as the original strain.

Users should also be very careful of infected links in spam emails. Infected links often redirect users to compromised sites where the malware is downloaded onto the target’s computer.

Qbot is expected to evolve into a major cyber-threat. Beware.


Joseph Imperato Sr. is the Managing Partner for XSolutions Consulting Services, a Managed Services Provider (MSP) delivering Computer Support, Business Continuity, Cloud Services, and IT Consulting to New York, New Jersey, and Connecticut businesses.