Microsoft is warning against Qakbot and Emotet, two malware families that do just that. Both focus on stealing online banking credentials from individuals and enterprises. The latest statistics suggest that 33% of Qakbot encounters are found on enterprise PCs, while 7% of victims are small and medium businesses. 29% are home users, so it’s a threat to pretty much everyone. Emotet seems to target individuals more frequently, at 61% home users, 10% enterprise, and 8% small and medium businesses. They steal data via techniques like keylogging, where every keystroke is recorded. Variants also hook into browser APIs to steal information, and steal cookies and certificates as well.
Once one PC is infected, some variants try to spread. Qakbot and Emotet can move across network shares, drives, and USB drives. More significantly, they can use collected admin credentials, brute force Azure AD accounts, and more. The malware is usually delivered to users via an attachment found on websites or in emails, and sleeps for 15 minutes to evade sandboxes. More recent variants also make use of exploit kits, installing the malware alongside an encrypted DLL file.
Preventing Infection
Microsoft has several steps to follow if you do find yourself a victim of one of these malware families, including disconnecting from the internet to stop it from spreading. You can view the full list of steps here. As usual, Microsoft is also using this as an opportunity to plug Windows 10’s security measures. In particular, Windows 10 S blocks Qakbot and Emotet by only allowing Store apps to run. The regular OS version will also offer some protection, however, including Windows Defender Application Guard, which can pair with Edge to mitigate exploits through sandboxing. For businesses, Microsoft is pushing Windows Defender Advanced Threat Protection, which will flag the infections using machine learning. Whatever the case, the company advises briefing employees on such malware. “Educating employees on social engineering attacks and internet safety, and training them to report suspicious emails or websites can go a long way in protecting networks against cyberattacks,” says Keith Abulton of Windows Escalation Services.