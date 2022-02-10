Upon infection, the Qbot malware is capable of get privileges immediately and start scanning in just minutes. But how does it get into the victim’s computer? It generally uses an Excel file for this and uses a macro to sneak the DLL loader onto the infected device.

Specifically, these researchers have detected that Qbot takes just 30 minutes to steal browser and email data and about 50 minutes to move to another computer connected to the same network. These are undoubtedly fast times, which implies a greater risk for users.

This malware is also known as QuakBot and Qakbot, but more commonly referred to as Qbot. It is not a new threat, but its current characteristics are. According to computer security researchers who have detected it, in just half an hour After infection, it is capable of stealing confidential data and reading e-mails.

It is this payload that is subsequently executed to create a scheduled task. In addition, it adds the DLL to the Windows Defender exclusion list, so it is not detected once msra.exe, the process with which this malware begins to act, is not detected.

From there, Qbot can steal emails, use them to launch phishing attacks and be able to sell them to third parties. It is capable of stealing credentials from Windows memory and also from web browsers. You can even reach other connected computers on the same network.

But it must be mentioned that it is a stealthy threat, since once it has fulfilled its mission it is eliminated so as not to leave a trace. Undoubtedly, these rapid attacks can pose a real problem for user security and will allow passwords and emails to be stolen in a very short time.

Tips to be protected

So what can we do to be protected? The most important thing will be common sense. We have seen that everything is executed through an Excel file. We must be careful with what documents we download and never open any file that may be suspicious, since it could put our security at risk.

On the other hand, it is also essential to have good security programs. These antivirus, firewall or any other tools must be updated at all times. Only in this way will we be able to be protected against the most current threats that can steal data and passwords.

It will also be vital to have the updated systems. This way we will correct the vulnerabilities that may appear. With the patches of the operating system or of any tool that we have installed, we are going to ensure that hackers cannot exploit these flaws and get into the computers. You should especially improve remote desktop security, if you use it.