
Latest Online Fraud Report Says Qakbot is No Laughing Matter

Qakbot Trojan Targets Business Accounts at Financial Institutions

On Monday, RSA released the findings of its monthly Online Fraud Report for October 2010. The latest fraud report puts a particular focus on the Qakbot Trojan, and while Qakbot isn’t new (it attacked the UK’s National Health Service earlier this year), RSA has identified several attributes that make this Trojan stand out from the crowd.

Qakbot is the first Trojan seen to exclusively target business and corporate financial accounts and is designed to spread like a worm—infecting multiple machines at a time—while also stealing data like an ordinary Trojan such as Zeus. Additionally, Qakbot appears to be the first Trojan to separate out targeted credentials from other stolen information on the client side rather than in a drop zone.

Additionally, the latest online fraud report shows that September was the seventh consecutive month in which nationwide banks in the U.S. were the most targeted by cybercriminals, taking 64 percent of all attacks.

The detail of information captured by Qakbot is astonishing. RSA notes that “Every time an infected user accesses a website, the Trojan organizes data transmitted from the victim’s machine into three separate files: System Information (IP address, DNS server, country, state, city, software applications installed), Seclog (HTTP/S POST requests), and Protected Storage (information saved in the Internet Explorer Protected Storage and auto complete credentials including usernames, passwords, and browser history).” Capturing all this data actually helps cybercriminals build their own “intelligence centers” which can help them develop more effective attacks in the future. After all, cybercrime organizations have business models too.

According to the report, RSA identified 16,274 worldwide phishing attacks in September – a nine percent decrease from August. The bulk of the decrease can be directly attributed to fewer attacks on those organizations that are typically heavily targeted. Many reports have also suggested that phishing organizations have changed strategies and have switched to distributing malware instead. According to the most recent APWG Global Phishing Survey, activity from the Avalanche phishing gang, the world’s most prolific phishing group, dropped significantly as a result of changing strategies to malware distribution. 

In September, RSA says 178 brands were attacked, an 18 percent decrease from August, in which 216 brands were attacked. It was the first time in over a year that the number of targeted brands fell below 200.

The full RSA Online Fraud Report, October 2020 is available here

Tags: Qakbot, malware, cybercrime, financial malware, latest cyber threats

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
