BAE Qbot ReportThe malware Qbot relies on stealth to secretly steal victims' credentials, but an unexpected glitch during a recent cyberattack alerted researchers to a new campaign featuring a more virulent strain of the software.According to a white paper and corresponding release, BAE Systems discovered a new variant of Qbot — the original dates back to 2009 — featuring significant modifications to avoid detection, including:BAE determined the Qbot variant has infected more than 54,000 PCs globally. However, the plot was uncovered when the malware caused several Windows XP-based computers at a public sector organization to crash. "The criminals tripped up because a small number of outdated PCs were causing the malicious code to crash them, rather than infect them,” said Adrian Nish, BAE's head of cyber threat intelligence in a company statement.
- polymorphic code that disguises Qbot's coding signatures
- automated updates that generate new encrypted versions every six hours to outpace software updates
- the ability to identify sandbox environments to thwart malware researchers



