Qbot, also known as Qakbot, is a banking trojan and credential-stealer first observed in 2008 that has remained continuously active and become a major delivery vector for ransomware including ProLock, Egregor, and Conti. It steals banking credentials, browser data, and email, and propagates through network shares and brute-forcing. Qbot is typically delivered through phishing campaigns using thread-hijacking, where attackers reply to existing email threads to add credibility. International law enforcement disrupted Qakbot infrastructure in August 2023.
This family has been observed using the following ATT&CK techniques: T1566.001, T1055, T1071.001, T1547.001.
Qbot (Qakbot) spreads through phishing email reply-chain hijacking, malicious Office attachments, and ZIP-with-LNK delivery, often preceding Conti, Black Basta, and other ransomware deployments.
Email thread hijacking complaints from contacts, browser injection on banking sites, scheduled tasks with random names, and antivirus references to Qakbot, Qbot, or Pinkslipbot are key indicators.
If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.
Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/qbot.json
This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.