Microsoft has identified two Trojan horses that have been showing renewed activity in the past few months. Qakbot and Emotet are two different malware families, but the company points out that they have the same ultimate goal of stealing banking credentials that can be used to steal money or commit identity theft.
While these two originally targeted online banking users, enterprises, small and medium business, and other organizations are reportedly being infected as well. To make things worse, some variants have the capability to spread on systems and networks, possibly worsening infection rates.
Typically, Trojan droppers delivered as an attachment will start the attack process. When the download is executed and installed, it will spoof legitimate Windows services to lower suspicions. It will then communicate with a Command & Control (C&C) server, which will be responsible for giving the malware instructions on what to do.
Qakbot and Emotet can purportedly infect network shares and drives, including removable ones like USB sticks. They can also make copies of themselves on other machines using Server Message Blocks (SMBs).
The Redmond giant’s monthly machine encounters for the two malware showed an upward trend during May and August of this year.
If a system is infected, Microsoft recommends disconnecting from the internet to prevent communication with the (C&C) server. The firm also suggests stopping the automatic execution of the malware and monitoring the network for possible re-infections once it has been neutralized.