Researchers from IBM X-Force Research recorded a surge in the activity of the banking Trojan QakBot (also called PinkSlip). According to the experts, the malware blocked thousands of Active Directory users from accessing their company's domains, leaving them unable to log in to their employers' servers.
QakBot appeared in 2009 and has been regularly improved since then. The malware is a modular, multifunctional Trojan. In particular, QakBot can steal bank data, digital certificates, authorization tokens and cookies, and can act as a keylogger, backdoor and SOCKS proxy. The latest version of the Trojan also gained a function for bypassing antivirus detection.
The malware is used to attack commercial organizations in order to steal funds from their bank accounts. QakBot spreads like a network worm, replicating itself through shared devices and removable drives. The latest malicious campaign mainly affected financial organizations in the US. According to IBM researchers, this is the first time they have seen the malware block users' access to Active Directory in corporate networks.
Active Directory is Microsoft's directory service for Windows Server operating systems.