Defence firm BAE Systems’ team spotted it
Researchers have uncovered a new strain of data-stealing trojan Qbot.
The malware has infected more than 54,000 PCs in thousands of organisations across the world.
Incident response experts at BAE Systems came across the malware variant during an engagement at an unnamed public sector organisation.
The Qbot-related attack affected more than 500 computers and impacted the operation of critical systems on the victim’s network.
The variant incorporates polymorphic or “shape changing” code in a bid to make it harder to detect and intercept.
In addition, automated updates to the malware generated new, encrypted versions every six hours.
Cyber crooks altered the destination of the stolen data each time.
Adrian Nish, head of cyber threat intelligence at BAE Systems, commented: “In this instance, the criminals tripped up because a small number of outdated PCs were causing the malicious code to crash them, rather than infect them.
It was this series of crashes that alerted the organisation to the spreading problem.” ®
Sponsored: The LOGICnow cyber threat guide