Pinkslipbot

Malware updated 6 months ago (2024-05-14T21:17:32.273Z)
Download STIX
Preview STIX
Pinkslipbot, also known as Qakbot, QBot or QuackBot, is a modular information-stealing malware that has been active since 2008. Initially emerging in 2007 as a banking trojan, it targeted financial institutions to steal sensitive data. Over the years, however, its functionality evolved and diversified, expanding its reach to various industries. The malware was linked to at least 40 ransomware attacks against global companies, healthcare providers, and government agencies, causing hundreds of millions of dollars in damage based on conservative estimates. In early April 2024, there was a significant increase in attacks using the QBot malware. It had become the initial access method of choice for several high-profile ransomware gangs, including REvil, Black Basta, Conti, Egregor, and MegaCortex. These cybercriminal groups utilized the advanced malware strain to prepare newly compromised networks for ransomware infestations. Additionally, techniques once used by the QakBot trojan were leveraged in a widespread phishing campaign involving the DarkGate and PikaBot strains, targeting various industries. However, in August 2023, the QakBot malware operation faced disruption by the FBI during a coordinated law enforcement effort codenamed Operation Duck Hunt. This operation resulted in the dismantling of the botnet, which had infected around 700,000 computers globally. Despite this setback, the tactics employed by the QakBot trojan live on in other malware attacks, demonstrating the persistent and evolving threat posed by such malicious software.
Description last updated: 2024-05-14T21:16:09.873Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Qbot is a possible alias for Pinkslipbot. Qbot, also known as Qakbot or Pinkslipbot, is a modular information stealer malware that first emerged in 2007 as a banking trojan. Its evolution has seen it become an advanced strain of malware used by multiple cybercriminal groups to prepare compromised networks for ransomware infestations. The fi
11
QakBot is a possible alias for Pinkslipbot. Qakbot is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, or hold data for ransom. Built by d
9
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Trojan
Ransomware
Phishing
Fraud
Malware Loader
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Pinkslipbot Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Krebs on Security
6 months ago
CERT-EU
a year ago
Securityaffairs
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago