Password theft is undoubtedly one of the main targets of hackers. So is being able to access and read emails, in addition to impersonating your identity. In this article we echo Qbot, a threat that needs only 30 minutes to steal passwords and read emails. We are going to give some tips to be protected at all times.
Qbot reads emails and steals passwords in minutes
This malware is also known as QuakBot and Qakbot, but more commonly referred to as Qbot. It is not a new threat, but its current characteristics are. According to computer security researchers who have detected it, just half an hour after infection it is capable of stealing confidential data and reading e-mails.
Specifically, these researchers have detected that it takes just 30 minutes for Qbot to steal data from the browser and email, and about 50 minutes to move to another computer connected to the same network. These are undoubtedly fast times, which implies a greater risk for users.
Upon infection, Qbot malware is able to gain privileges immediately and starts scanning within minutes. But how does it get into the victim’s computer? It generally uses an Excel file for this and uses a macro to sneak the DLL loader onto the infected device.
It is this payload that is subsequently executed to create a scheduled task. In addition, it adds the DLL to the Windows Defender exclusion list, so it is not detected once msra.exe, the process with which this malware begins to act, is not detected.
From there, Qbot can steal emails, use them to launch phishing attacks and sell them to third parties. It is capable of stealing credentials from Windows memory and also from web browsers. You can even reach other connected computers on the same network.
But it must be mentioned that it is a stealthy threat, since once it has fulfilled its mission it is eliminated so as not to leave a trace. Undoubtedly, these rapid attacks can pose a real problem for user security and will allow passwords and emails to be stolen in a very short time.
Tips to be protected
So what can we do to be protected? The most important thing is going to be common sense . We have seen that everything is executed through an Excel file. We must be careful with what documents we download and never open any file that may be suspicious, since it could put our security at risk.
On the other hand, it is also essential to have good security programs . These antivirus, firewall or any other tools must be updated at all times. Only in this way will we be able to be protected against the most current threats that can steal data and passwords.
Keeping systems up to date will also be vital. This way we will correct the vulnerabilities that may appear. With the patches of the operating system or of any tool that we have installed, we are going to ensure that hackers cannot exploit these flaws and get into the computers. You should especially improve remote desktop security, if you use it.