We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:Win64/Qakbot
Aliases: No associated aliases
Summary
Qakbot is a multi-component malware family that can grant unauthorized access and control of an affected device. The trojan connects to a remote server, letting a threat actor access and control a device to steal sensitive information and perform other malicious actions on the device. Qakbot can steal confidential information, such as online banking details and email usernames and passwords. Some variants of this malware might attempt to propagate to open shares across a network, including the default shares C$ and Admin$.
Qakbot is often distributed using malicious links and attachments in emails or through exploit kits. The trojan employs advanced evasion techniques to avoid detection and removal by security solutions.
Qakbot is also known by several other names, including Qbot, Quakbot, Pinkslipbot, and Brbank.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and performing a full scan might help address these remnant artifacts.
Microsoft Defender XDR customers can run these advanced hunting queries to find activity related to Qakbot in their networks.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
Devices infected by this trojan might be severely compromised and require complete restoration. Consider restoring your device. When restoring data, ensure to use an uninfected copy.
