Qhost is a generic trojan family known for modifying the Windows hosts file to redirect users to attacker-controlled servers, typically for phishing or to block security software updates. It is often used in conjunction with banking-fraud campaigns and pharming attacks. Detection requires inspecting the hosts file for unauthorized entries and reverting changes.
This family has been observed using the following ATT&CK techniques: T1556 T1071.001
Qhost is a generic trojan family known for modifying the Windows hosts file to redirect users to attacker-controlled servers, typically for phishing or to block security software updates. It is often used in conjunction with banking-fraud campaigns and pharming attacks. Detection requires inspecting the hosts file for unauthorized entries and reverting changes.
Qhost spreads through malicious downloads and modifies the system hosts file to redirect users from legitimate banking and webmail sites to phishing pages.
Modified Windows hosts file with entries redirecting major bank or webmail domains, certificate warnings on familiar sites, and antivirus detections for Qhost are diagnostic.
If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.
Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/qhost.json
This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.