TrojanDownloader:JS/Qakbot.G is a JavaScript trojan that attempts to download and install Backdoor:Win32/Qakbot.gen!A.

Microsoft Defender Antivirus detects and removes this threat.

This malware family can give a malicious hacker access and control of your PC. They can then steal your sensitive information. 

For more information on this threat, read: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks

Backdoor:Win32/Qakbot.gen!A is a generic detection for a trojan backdoor that connects to a remote server, allowing an attacker to access the infected system. By allowing remote access, this backdoor trojan can perform several actions including stealing information and logging user keystrokes. Some variants of this malware may attempt to spread to open shares across a network, including the default shares C$ and Admin$.

TrojanDownloader:JS/Qakbot.B is a JavaScript trojan that attempts to download and install Backdoor:Win32/Qakbot.gen!A. 

The Qakbot family is a multi-component family of trojans that connect to a remote server, allowing an attacker to access the infected system. For more information on the Qakbot family, see the Win32/Qakbot family description elsewhere in the encyclopedia.

Backdoor:Win32/Qakbot.gen!B is a generic detection for a trojan backdoor that connects to a remote server, allowing an attacker to access the affected computer. By allowing remote access, this backdoor trojan can perform several actions including stealing information and logging user keystrokes. Some variants of this malware may attempt to spread to open shares across a network, including the default shares C$ and Admin$.

Backdoor:Win32/Qakbot.H is a backdoor trojan that allows attackers unauthorized access and control of an affected computer. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, or possibly spreading through backdoor ports opened by other families of malicious software. The trojan may also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.

Backdoor:Win32/Qakbot.J is a backdoor trojan that allows attackers unauthorized access and control of an affected computer. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, or possibly spreading through backdoor ports opened by other families of malicious software. The trojan may also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.

Backdoor:Win32/Qakbot.gen!C is a trojan backdoor that connects to a remote server, allowing an attacker to access your computer. It can steal confidential information, such as your online banking details and email user names and passwords.

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

• Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
• Microsoft Safety Scanner

This threat tries to steal sensitive and confidential information from affected users to perpetrate fraud. If you believe that your personal financial information may have been compromised, please refer to the following advisory for additional advice:

• What to do if you are a victim of fraud

It may also steal your information by recording your user names and passwords. After removal of the threat you should change your passwords. Please refer to the following advisory for tips on how to create and use passwords:

• Create strong passwords

Please also refer to the following advisory for additional advice:

• What to do if you think your account details have been stolen

For more information on this threat, read: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks

TrojanDownloader:JS/Qakbot.A is a JavaScript trojan that attempts to download and install Backdoor:Win32/Qakbot.gen!A. 

The Qakbot family is a multi-component family of trojans that connect to a remote server, allowing an attacker to access the infected system. For more information on the Qakbot family, see the Win32/Qakbot family description elsewhere in the encyclopedia.

Microsoft Defender Antivirus detects and removes this threat.

Qakbot, also known as Quakbot, Qbot, and similar names, has been active since 2007. Qakbot started life as a credential stealer optimized to obtain credentials from banking and other financial services. In 2020 and 2021, Qakbot has been observed to lead to ransomware-as-a-service (RaaS) actors responsible for expedient ransomware and data exfiltration from organizations via purchased access to Qakbot infections.

Qakbot global campaign has been impacting organizations with malicious email deliveries that lead to infection with a renovated Qakbot implant that quickly ascertains system information to determine which organizations are valuable for resale. Qakbot transitions to human re-entry by a motivated operator based on the company or network profile obtained during reconnaissance. The consequences are likely to involve ransomware and data exfiltration as well as increased scope of organizational compromise.

Read these blogs for details:

• Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
• Hunt for Ransomware
• Human-operated ransomware attacks: A preventable disaster
• Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks

Qakbot is a multi-component malware family that can grant unauthorized access and control of an affected device. The trojan connects to a remote server, letting a threat actor access and control a device to steal sensitive information and perform other malicious actions on the device. Qakbot can steal confidential information, such as online banking details and email usernames and passwords. Some variants of this malware might attempt to propagate to open shares across a network, including the default shares C$ and Admin$.

Qakbot is often distributed using malicious links and attachments in emails or through exploit kits. The trojan employs advanced evasion techniques to avoid detection and removal by security solutions.

Qakbot is also known by several other names, including Qbot, Quakbot, Pinkslipbot, and Brbank.

Microsoft Defender Antivirus detects and removes this threat.

This threat can give a malicious hacker access and control of your PC. It can also steal your sensitive information, such as your bank details, and your email user names and passwords.

This threat can be installed by exploit kits, such as Sweet Orange. It can also spread using infected network and removable drives, such as USB flash drives.

Microsoft Defender Antivirus detects and removes this threat.

This malware family can give a malicious hacker access and control of your PC. They can then steal your sensitive information.

See the Win32/Qakbot description for more information.

This is a behavior-based telemetry signature for Qakbot.

Read the following blogs for details:

• Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself
• A closer look at Qakbot’s latest building blocks (and how to knock them down)
• Structured threat hunting: One way Microsoft Defender Experts for Hunting prioritizes customer defense

Microsoft Defender Antivirus detects and removes this threat.

Backdoor:Win32/Qakbot!lnk is a malicious shortcut file that exploits the vulnerability described in CVE-2010-2568 and resolved with the release of Microsoft Security Bulletin MS10-046. It infects your computer with another malware.

Update vulnerable applications

This threat exploits a known vulnerability described in CVE-2010-2568, in Windows. After removing this threat, make sure that you install the updates available from the vendor. You can read more about the vulnerability, as well as where to download the software update, in Microsoft Security Bulletin MS10-046.

For more information on this threat, read: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks