KBot, malware identified and analyzed by Kaspersky in February 2020, is one of the most recent viruses to spread in the wild. Malicious software of this kind is designed to exploit and damage computers or devices, and typically infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom.
Initially, KBot was a simple user-mode downloader, with its core speculated to come from the old Ursnif/Gozi2/ISFB. Over time, however, it evolved into a more sophisticated threat. The malware samples it downloaded were usually bankers, including KBot itself and Gozi ISFB. These were found to be part of the same family, indicating a common origin or authorship.
While many users were unwinding after winter, malware authors remained active. A few weeks after Kaspersky's analysis, a new campaign was launched, spreading poorly obfuscated JavaScript and an interesting modification of KBot originating from the Carberp leak. This suggests that cybercriminals are constantly evolving their tactics and enhancing their malware to increase its effectiveness and evade detection.
Description last updated: 2024-03-06T01:22:44.030Z