By Narinder Purba posted 13 Apr 2016 - 05:23PM
Security researchers have detected a new, updated
strain of the data-stealing trojan Qbot that is “harder to detect and
intercept”.
According to a detailed report by BAE Systems, the malware has already
infected more than 54,000 computers across thousands of organizations. ESET
detects this threat as Win32/Qbot and Win32/Kryptik.
Analysts said that a number of updates have been
made to the original Qbot malware, including “shape-changing” and
“polymorphic” code that makes it more difficult to detect.
As noted by IT Pro, the malware can also detect if it is being
looked at in a sandbox environment – a tool used by security researchers to
spot malware before it can cause damage to users.
An incident response team at BAE Systems discovered
the new threat in early 2016, when 500 computers belonging to an unnamed public
sector organization were infected.
The BAE Systems blog notes that cybercriminals have
specifically targeted public organizations including police
departments, hospitals and universities.
Adrian Nish, head of Cyber Threat Intelligence at
BAE Systems, explained: “Many public sector organizations are responsible for
operating critical infrastructure and services, often on limited budgets, making
them a prime target for attacks.
“In this instance, the criminals tripped up because
a small number of outdated PCs were causing the malicious code to crash them,
rather than infect them. It was this series of crashes that alerted the
organization to the spreading problem.”
The BAE Systems report categorizes Qbot as a
network-aware worm with backdoor credentials, primarily used for harvesting
user credentials.
It’s noted that Qbot could still continue to
spread, and organizations are advised to update their defensive systems
and search them to identify attacks.