Information Security Buzz: Pinkslipbot/QakBot Banking Trojan Malware Steals Data Even After Deleted

June 22, 2017

In response to news of the QakBot trojan, which uses new exploit methods to continue to use infected machines as control servers, IT security expert Don Duncan of NuData commented below.


“Pinkslipbot is the latest variant of QakBot, which has been causing havoc in the wild for more than 10 years, and is the latest reminder that best practices are a major component of a user’s best defense. Pinkslipbot is extremely persistent, and essentially anyone with fast internet and open ports on an Internet gateway device using UPnP is vulnerable to it. Pinkslipbot detects available ports, infects machines behind the firewall, and relays information to C&C servers. In the short term, it’s important that “local port-forwarding rules” be monitored, and UPnP should be turned off if the user doesn’t need it.

“Ultimately, the solution is to prevent the use of stolen data by overlaying new barriers in the form of behavioral biometric authentication. These new solutions authenticate users based on their online behaviors – methods that are extremely resistant to impersonation, don’t rely on credentials and can even provide banks with options to upgrade user experiences for good customers. These technologies are going to defeat Trojans and malware by making the credentials and payment card details obsolete. Fraudsters are in the business of making money, so the real answer is to make the data useless.”

New solutions authenticate users based on their online behaviors; methods that are extremely resistant to impersonation, don’t rely on credential data, and can even provide banks with options to upgrade user experiences for trusted good customers. These technologies are going to defeat Trojans and malware by making the credentials and payment card details that the fraudsters go after obsolete.
