Qbot malware's back, and latest strain relies on Visual Basic script to slip into target machines
February 28, 2019
https://www.theregister.co.uk/2019/02/28/new_qbot_banking_malware_strain/

Varonis blog entry: Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims

Good example of LOL bitsadmin use:

Also of note:

-EDIT- The Register article misstated the facts. The most infected installations were running McAfee, with Windows Defender showing the second highest number of infections. The least infected installations were running ESET Endpoint Security. Since the "Other" AV category was sizable, it is fair to assume this bugger bypassed all of them.

Per the Varonis article: Victims by Anti-Virus Found

Since this malware specifically checked for what AV software was installed, one can assume infected victim counts reflect what software was easiest to bypass.

-EDIT- Actually, this malware had its greatest impact against U.S. installations. Fair to assume many of those were using McAfee. Hence, the victim counts reflect malware geographical target preference versus the ability to bypass a given AV solution. Again, it appears this attack could bypass all enterprise AV solutions.

Qbot Malware Dropped via Context-Aware Phishing Campaign
April 24, 2019
https://www.bleepingcomputer.com/ne...-dropped-via-context-aware-phishing-campaign/

JASK: Back (Again): Uncovering the Latest Qbot Banking Trojan