{
  "family": "qhost",
  "sample_count": 1722,
  "category": "trojan_generic",
  "description": "Qhost is a generic trojan family known for modifying the Windows hosts file to redirect users to attacker-controlled servers, typically for phishing or to block security software updates. It is often used in conjunction with banking-fraud campaigns and pharming attacks. Detection involves inspecting the hosts file for unauthorized entries; remediation includes reverting those changes.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [],
  "enrichment_level": "hand-curated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is Qhost?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Qhost is a generic trojan family known for modifying the Windows hosts file to redirect users to attacker-controlled servers, typically for phishing or to block security software updates. It is often used in conjunction with banking-fraud campaigns and pharming attacks. Detection involves inspecting the hosts file for unauthorized entries; remediation includes reverting those changes."
      }
    },
    {
      "@type": "Question",
      "name": "How does Qhost spread?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Qhost spreads through malicious downloads. Once running, it modifies the system hosts file to redirect users from legitimate banking and webmail sites to phishing pages."
      }
    },
    {
      "@type": "Question",
      "name": "What are the signs of a Qhost infection?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Diagnostic signs are a modified Windows hosts file with entries redirecting major bank or webmail domains, certificate warnings on familiar sites, and antivirus detections for Qhost."
      }
    },
    {
      "@type": "Question",
      "name": "What should I do if I think I have Qhost on my system?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance."
      }
    }
  ],
  "faq_count": 4,
  "mitre_attack": [
    "T1556",
    "T1071.001"
  ],
  "cisa_advisory": null,
  "last_updated": "2026-05-27"
}