The Federal Bureau of Investigation and its European partners took down a global malware network that has been using a malicious software agent to commit numerous cybercrimes for the last 15 years, according to a release from the Department of Justice.
The operation also saw the seizure of over $8.6 million in illicit cryptocurrency profits, and authorities are remotely deleting the Qakbot malware from thousands of infected computers. US Attorney General Martin Estrada’s office plans to make the seized cryptocurrency funds available to Qakbot victims.
Estrada said Qakbot, also known as Qbot and Pinkslipbot, is one of the most notorious botnets, or networks of compromised computers, ever and a favorite amongst infamous ransomware gangs. The malware could infect computers through spam email messages with malicious attachments or links. Once a computer was infected, Qakbot would deliver more malware and ransomware to it, often without the victim’s knowledge. Cybercriminals could then easily extort victims — often businesses, healthcare providers and government agencies — for money in exchange for access to their computers. Between October 2021 and April 2023, investigators estimate victims paid about $58 million to Qakbot administrators.
“The Operation ‘Duck Hunt’ Team utilized their expertise in science and technology, but also relied on their ingenuity and passion to identify and cripple Qakbot, a highly structured and multi-layered bot network that was literally feeding the global cybercrime supply chain,” Donald Alway, the assistant director in charge of the FBI’s Los Angeles Field Office, said in a statement.
Operation Duck Hunt discovered just how far-reaching the network was, identifying over 700,000 infected computers worldwide — more than 200,000 in the US alone. Because the malware was part of a botnet, bad actors could remotely control all the infected computers.
While the action against Qakbot will prevent numerous cyberattacks in the public and private sectors, fighting cybercrime is like battling a Hydra — as soon as you cut off one head, another head — or two or three — will take its place. The DOJ said the operation only removed the Qakbot malware, meaning that if other malware was already installed on a machine, it is still there.
There are steps you can take to protect yourself, like changing your passwords often, researching an app before downloading it, and learning how to spot phishing messages. Google is also testing a Safety Check tool that can alert you when a malicious extension is detected in your Chrome browser.