US bank customers targeted in ongoing Qbot campaign
F5 Labs has discovered ongoing attacks utilizing the Qbot malware payloads to steal banking credentials from customers of US financial institutions, including JP Morgan, Wells Fargo, Capital One, Bank of America, and Citibank. Qbot is a banking trojan with features that are used to steal financial data, such as logging keystrokes, deploying backdoors, and dropping additional malware on compromised machines.
According to F5 Labs, the campaign targets 36 US banking institutions as well as two banks in Canada and the Netherlands. Although Qbot hasn’t changed much since it emerged in 2008, F5 stated that it seems the trojan has adopted several sophisticated techniques to avoid detection and perform tasks.