The Justice Department today announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia to disrupt the botnet and malware known as Qakbot and take down its infrastructure. [1]

On August 29th, 2023, the FBI provided Have I Been Pwned (HIBP) with 6.43M email addresses to help notify impacted victims of their exposure to the Qakbot malware. Anyone may check to see if their email address is included in the list of victims of the Qakbot malware via the HIBP notification service.

We recommend that everyone subscribes to the free notification service provided by Have I Been Pwned (HIBP) which can notify you if your email address is found in certain data breaches, including being in the Qakbot data.

Qakbot relied on compromised accounts to spread its malicious emails. If a receiver interacted with one of these emails, it is highly likely that their device became infected. As a result, they would have become part of the Qakbot botnet. [2]

If you find that your email address is in the Qakbot data, meaning your computer was probably infected with the malware, you should take several actions, including resetting your email password, and resetting any other passwords that were used on the infected computer (banking, shopping, etc.). Also, it’s possible your computer is infected with other additional malware, it should be scanned by a reputable antivirus/anti-malware product such as Malwarebytes or Windows Defender. Since Qakbot targets, among other things, banking/financial details, you should carefully review bank statements for unauthorized transactions and report any you find to your financial institution.

Continue reading →